Guide How to Turn Your 2 Port Synology into a Router
http://forum.synology.com/enu/viewtopic.php?f=39&t=62014
Guide How to Turn Your 2 Port Synology into a Router
The problem: I have a Synology DS1512+ with two ethernet ports. One of them is connected to my home network, the other unused. I wanted to use the free port to extend the network to another computer.
The solution: The interfaces should be separated under Control Panel-Network, not bridged. Both interfaces have a static ip in my case, I guess it would also be OK to let the one that is connected to internet be managed by DHCP.
I have installed DHCP server (the one from Synology) and turned it on only for the interface not connected to my home network (LAN2).
The interfaces should be different subnets – I have 10.0.0.x on the first and 192.168.1.x on second. DHCP enabled on diskstation distributes ip adresses on the same subnet (192.168.1.x) and with the Diskstation (192.168.1.1) as gateway.
VPN server should be enabled too, because it loads the iptables modules. Also possible to do this manually.
On command line I turned on NAT with the command:
- Code: Select all
-
iptables -t nat -A POSTROUTING -j MASQUERADE
I do not recommend this without IP filters for Diskstations connected directly to the Internet, but mine is in my home network, so I didn’t add any.
The last problem was, how to make the iptables rule survive a reboot. That one took a while to solve – adding a startup script didn’t work – the rules were being flushed at some time after startup. Finally I added the command to
- Code: Select all
-
/volume1/@appstore/VPNCenter/scripts/openvpn.sh
after the command which it add’s by itself
- Code: Select all
-
/sbin/iptables -t nat -A POSTROUTING -s ${LOCALIP}/24 -j MASQUERADE
That did the trick.
Also, ip-forwarding should be enabled, but I guess it is by default. Mine was.
Have fun.
- mortral
- I’m New!
- Posts: 1
- Joined: Fri Jan 04, 2013 2:58 pm
Re: Guide How to Turn Your 2 Port Synology into a Router
Your message would have helped me a lot, had we not both being doing it at very much the same time!
To add my own experiences and thoughts, in case they help others…
I have a DS 412+, with two lan ports also, so same idea. In my case my two separate subnets are 192.168.1.1 and 192.168.2.1 – with DHCP running on the second, internal port. In particular, my goal was (without buying a gigabit switch) to get a gigabit link between my NAS and laptop, but also to have internet through that link, since I found that plugging in the lan cable disabled my laptop’s internet over wifi. Since the NAS was net connected to my router – it seemed to make sense.
I didn’t much like the idea of having OpenVPN enabled when I wasn’t using a VPN – and I also found that IP Forwarding was DISABLED by default.
My current solution is to add a startup script called
- Code: Select all
-
/usr/syno/etc.defaults/rc.d/S01iptables_nat.sh
that contains
- Code: Select all
-
# Script to enable port forwarding and IP Masquerading, to share
# the primary internet connection to the second port of DS412+# Enable port forwarding, in case not enabled by default
echo 1 > /proc/sys/net/ipv4/ip_forward
# Load the required modules
/usr/syno/etc.defaults/rc.d/S01iptables.sh load_nat_mod forwarding_test# Define the masquerading rule
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
I’m not sure of the actual intended purpose of the ‚forwarding_test‘ – but it seems to load the required modules with minimal extra stuff, though perhaps that’s little different to the openvpn approach.
The name of the script ensures it’s run after S01iptables.sh, which I think might be important.
- qpkorr
- I’m New!
- Posts: 1
- Joined: Tue May 28, 2013 4:05 pm
Re: Guide How to Turn Your 2 Port Synology into a Router
You need the Config File Editor. Open the ‚Package Center‘, click ‚Settings‘ and under ‚Package sources‘ add ‚http://packages.quadrat4.de‘. Now, install the Config File Editor found under ‚community‘.
with DSM 4.2 and up,the Config File Editor may tell you (something in the regions of) ‚Please log in as admin‘. For this to work, log in as admin, then go to control panel, select ‚DSM settings‘, tab security, and deselect ‚improve protection against cross-site request forgery attacks‘.
Now, open the Config File Editor. From the drop down ‚Choose config file‘, select ‚Config File Editor‘ (yes, we’ll config the config editor using the config editor). Now add the line:
- Code: Select all
-
/usr/syno/etc.defaults/rc.d/S01iptables_nat.sh,IP Forwarding
and click ‚save‘. Now, restart the config file editor, and from the ‚choose config file‘ dropdown, select ‚IP Forwarding‘.
next, add these lines (same as in the post above, but I stripped the comments):
- Code: Select all
-
echo 1 > /proc/sys/net/ipv4/ip_forward
/usr/syno/etc.defaults/rc.d/S01iptables.sh load_nat_mod forwarding_test
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
hit the save button (which may be grayed out when just pasting the text; in that case, just add an enter to the config file. This should enable the save button again).
now reboot your DS, and forwarding works, using eth0 as the interface facing internet, and eth1 as your lan network.
- tymusz
- I’m New!
- Posts: 3
- Joined: Tue Sep 17, 2013 1:07 pm
Re: Guide How to Turn Your 2 Port Synology into a Router
chmod +x /usr/syno/etc.defaults/rc.d/S01iptables_nat.sh
and ran it, and now forwarding appears to be working.
- m1thr4nd1r
- I’m New!
- Posts: 1
- Joined: Tue Dec 03, 2013 6:16 am