Access your router configuration panel from outside using your Synology NAS
I was in Portugal and needed to open a port on the router at my home in France. To access the NAT route configuration page, I had to create an SSH tunnel through my Synology.
- 1. Enable SSH on Synology
- 2. Tell sshd you are allowed to do TCP forwarding
- 3. Create an SSH tunnel
- 4. Bonus: lie to your router
1. Enable SSH on Synology
I'm not going to explain that here, because if you haven't already enabled it you can't follow the rest of this tutorial (unless your Synology is doing the NAT). It's recommended to enable it on a different port than 22. Believe me, there are a lot fewer bots trying to brute-force your password on a different port.
This tutorial can be followed to access any local computer from outside securely.
2. Tell sshd you are allowed to do TCP forwarding
First, connect to your Synology over SSH. We are going to edit the sshd_config configuration file with sudo and vim. No, don't go away! I'm not a vim user either, but you will see, it's not that complicated.
sudo vim /etc/ssh/sshd_config
At the end of the file we are going to add these lines to allow us to create SSH tunnels. By default, only root and admin are allowed to create SSH tunnels, so here we add our user:
Match User root
    AllowTcpForwarding yes
Match User admin
    AllowTcpForwarding yes
Match User myusername
    AllowTcpForwarding yes
Match User anonymous
    AllowTcpForwarding no
    GatewayPorts no
Basic usage of vim (you can also look it up on the internet):
- Scroll to where you want to insert something and press i
- After writing the new lines, press ESC
- Save with :w and Enter
- Quit with :q
Since I don't know how to restart a service on a Synology, I deactivated and reactivated SSH in the web interface of my Synology NAS. That does the trick 😄
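To check that the edit does what you expect, the following added example (not part of the original post, and not Synology's own tooling) resolves the forwarding settings sshd would apply to a given user from a copy of sshd_config. The sample config, including its global AllowTcpForwarding no line, is constructed; effective_settings and can_forward_locally are hypothetical helper names, and the script goes slightly beyond the post by also reporting GatewayPorts and PermitOpen.

```python
# Added example: resolve which forwarding settings sshd applies to a user.
# OpenSSH's documented defaults, used when the file sets nothing.
DEFAULTS = {"allowtcpforwarding": "yes", "gatewayports": "no",
            "permitopen": "any"}

# Constructed sample: a global "no" followed by the step 2 Match blocks.
SAMPLE_CONFIG = """\
AllowTcpForwarding no
Match User root
    AllowTcpForwarding yes
Match User admin
    AllowTcpForwarding yes
Match User myusername
    AllowTcpForwarding yes
Match User anonymous
    AllowTcpForwarding no
    GatewayPorts no
"""


def effective_settings(config_text, user):
    """Return the DEFAULTS keywords as sshd would resolve them for `user`.

    Assumption: only `Match User` with literal comma-separated names is
    handled; other criteria or wildcard patterns raise ValueError.
    """
    global_vals, match_vals = {}, {}
    target = global_vals                  # before the first Match: global
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        keyword, value = parts[0].lower(), parts[1].strip()
        if keyword == "match":
            crit = value.split()
            if (len(crit) != 2 or crit[0].lower() != "user"
                    or any(c in crit[1] for c in "*?!")):
                raise ValueError("unsupported Match line: " + raw.strip())
            # A non-matching block is skipped until the next Match line.
            target = match_vals if user in crit[1].split(",") else None
        elif target is not None and keyword in DEFAULTS:
            target.setdefault(keyword, value.lower())   # first value wins
    # Matching blocks override the global section, which overrides defaults.
    return {**DEFAULTS, **global_vals, **match_vals}


def can_forward_locally(config_text, user):
    """True if `ssh -L` (local forwarding) would be permitted for `user`."""
    return effective_settings(config_text, user)["allowtcpforwarding"] in (
        "yes", "all", "local")
```

Paste the real file's contents in place of SAMPLE_CONFIG to check your own edit; a PermitOpen value of any means the user's tunnels can reach every host and port the NAS can.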
3. Create an SSH tunnel
It's just one line! You basically open a normal SSH connection, but with a local port on your computer redirected to an ip:port on the remote LAN. And all of this is secured by your SSH connection.
ssh -L [local_port]:[router_lan_ip]:80 [username]@[nas_ip] -p [ssh_port]
# Example:
ssh -L 8000:192.168.1.1:80 myusername@mynasdomain.com -p 24
Keep the connection open and go to 127.0.0.1:8000 on your computer and you will see your router's web configuration.
4. Bonus: lie to your router
I'm French and my internet provider is Orange. When I tried this, the connection was successful but closed abruptly with an empty response. When Chrome talks to 127.0.0.1:8000, it sends an HTTP header Host: 127.0.0.1. That's normal; this is how you can host multiple websites with different domains on the same server. But my Livebox only responds to the following hosts: 192.168.1.1 or livebox.
So here is a magic trick, on your Mac/Linux:
sudo nano /etc/hosts
Add this line (the last one below):
127.0.0.1 localhost
::1 localhost
127.0.0.1 livebox
Now, go back to your browser and ask for http://livebox:8000 instead of http://127.0.0.1:8000. I suppose you could also install a Chrome extension to fake a Host: header too.