![]() ![]() Rmmod /lib/modules/nf_nat.ko Using Upstart to keep it running Iptables -t nat -D PREROUTING -p udp -dport 53 -j REDIRECT -to-port 8053 This should produce the following log on the console:Ĭheck the presence of the admin GUI at Now let’s shut it down again for the moment. ![]() Then try to run it testwise using the provided startup script /volume1/homes/NxFilter/bin/startup.sh Iptables -t nat -A PREROUTING -p udp -dport 53 -j REDIRECT -to-port 8053 You will need to start Nxfilter via the SSH console, which requires you to log in as root (using the administrator password) ssh have the port forwarding working, add the following kernel modules and add the rule: insmod /lib/modules/nf_nat.ko (Hint: to use the convenient online text editor, first rename the file to ) Editing the NxFilter config fileĮdit the port configuration to this, for example (with an added line for the DNS port): http_port = 8080 To do so, edit the home/conf/cfg.default file and save it as cfg.properties file. To avoid avoid the necessity to run as root, you should use an alternative port for the NxFilter admin GUI as well as the DNS service. Log into the created NxFilter account, upload and unzip the binaries in to the home folder.There is no need to add any further access (not even for the FileStation), as this account is only used as a convenient, local container for the NxFilter files. Name the user “NxFilter” and keep it the “users” System default group. I suggest to create and use a specific local user account for the NxFilter installation on your Synology NAS to keep things separated.Get the latest NxFilter binaires as ZIP file from their website (nxfilter-v.v.v-p1.zip). Since I will later use port redirection for DNS, I use port 8053 instead of the default 53. In the below example I allow all local traffic to the alternative DNS Port 8053 (UDP) as well as the administration GUI port 8443 (TCP).įirewall rules for DNS, using alternative ports. Add firewall rules in Control Panel / Security / Firewall. You must open a port for DNS and one for the admin GUI.Enable SSH in Control Panel / Terminal & SNMP / Terminal.Install Java, version 1.7.0, using the Java Manager Package in the Package Center of you Synology NAS.Log into your Synology NAS admin GUI as administrator.Use an upstream DNS server, also for queries originating from within the NAS.Use UpStart jobs to start up NxFilter automatically after boot.Modify the Synology firewall to accept traffic for DNS and the NxFilter admin GUI.Add kernel modules for port redirection from Port 53 to a non-privileged port, to avoid running the DNS server as root. ![]() (at least temporarily) enable SSH on your NAS.However, to make it safe (that is, not running it as root) was a little more involved as I thought… You will need to… Thus I decided to go down the native way with the Java Manager module. Unfortunately it is not able to run Docker containers. The DS115j is one of the more affordable models, running Version 5 of the Synology DiskStation Manager (DSM). ![]() To free up my other Raspberry Pi from being a DNS server and to use an already existing NAS on my local LAN, I decided to try to install NxFilter (my favourite DNS filtering solution) to a Synology DS115j NAS device. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |