QNAP NAS Community Forum

Hi guys. I have a qnap NAS device that is working well in my house and I can access it from outside the house with no issues. I installed a similar device at a relative house, everything is working fine in LAN but there are some access issues when trying to connect outside the house. 

I looked throw the configuration and I found that port 80 and 443 are having issues (attached). My guess here is that the relative is using a Camera System for his house and the DVR is consuming these ports. Also, years back I had to put the Camera System throw the DMZ in order for it to work (The configuration documents of the camera system required this).

So the question here is. How can I fix this? I am not that expert in networking, so I believe that two devices can't share ports. For that, I believe that I need to give different ports for these devices for them to be accessed from outside with no issues.

Kindly advice and thank you in advance.

Off-topic opinion: If the camera system requires being a DMZ host, it's a poorly lazily designed and unsecure product - much like all the 'IoT' devices.

The camera system being a DMZ host does not preclude having ports forwarded to other systems on the network, so it's not the direct cause of the conflict you're seeing. The order of priority the NAT router/firewall uses to forward incoming packets to specific hosts on the network is:
UPnP rules first
If no matching UPnP rule, then manual port forwarding rule second
If no matching manual rule, then DMZ third
If no DMZ, reject or drop the packet

So if you have a conflict on a specific port, you should check the NAT router/firewall to find the UPnP or manual port forwarding rule that's already defined for that port, and to which system it is forwarding.

Then you can decide if you want to change the ports on that system, or on the NAS, to resolve the conflict.

Assuming you want to change the ports on the NAS:
- For 'Secure NAS Web', currently set to 443 in your case: go to Control Panel > System > General Settings > System Administration. Edit the field 'Port Number' under 'Enable secure connection (HTTPS)'.
- For 'Web Server', currently set to 80 in your case: go to Control Panel > Applications > Web Server > Web Server. Edit the field 'Port Number' under 'Enable Web Server'.

I hope this makes sense.

Off-topic opinion: Why are you exposing the NAS web administration interface to the entire world? This is basically an open invitation for hackers to try and break in. I hope for your sake that you're using very strong unique passwords. But even a strong unique password won't protect you if you don't use SSL. But even if you use SSL a strong unique password won't protect you if you go through public Internet access points to connect to your NAS. But even if you don't go through public Internet access points you still won't be protected against hacks in case a security vulnerability is exploited in the NAS web admin interface.

Just to clarify as I didn't mentioned this before since I thought it could be unnecessary. My relative didn't manage to access the qnap from outside his house by using his phone using qfile. He told me that he try's to login and out of 10 times it somehow works. Also, I assumed it could be related the internet speed he got but I excluded that (download 100 kbps, upload 50 kbps).

I assumed this could be the issue since I compare it to my qnap and it is the only difference that I could understand.

Comparing his usage to mine, I do need to login to the qnap from work using the web browser (Possibly he may need that too). But if there is a much secure way, please mention it.

Thanks,

Do not expose your NAS QTS ports to WAN, a prime attack vector for malware

If you need to access your NAS from WAN use a VPN (server on router or dedicated firewall)

I total get what you are saying. But is what mentioned above fixes the issue and make qfile login easily?

Again, I am asking this since I am not that into networking. What happens if I had to change the ports in the NAS? something like 80 to 83 and 443 to 445? of course this fix the conflict issue but will I be able to access the qnap from the phone using qfile, qmanager easily or the web browser?

And is there a tool that I can use to search in LAN which ports that are not currently been used at all?

katana85 wrote: ↑Sat Nov 21, 2020 5:38 pm What happens if I had to change the ports in the NAS? something like 80 to 83 and 443 to 445?

The conflict is resolved. You then need to specify the new port number being used in each client app you use to access the NAS, unless the app can auto-detect the port number.

With a web browser for example, if its name is "mynas" and its IP address is 192.168.1.23, and you change the web server port from 80 to 83, you would type in the address bar:
Before the change
http://mynas/ or http://192.168.1.23/
After the change
http://mynas:83/ or http://192.168.1.23:83/
If you don't want to have remember and type in the address with the port number every time, create a bookmark.

of course this fix the conflict issue but will I be able to access the qnap from the phone using qfile, qmanager easily or the web browser?

Yes. For web browser, see example above.

For qfile and qmanager, refer to QNAP documentation:
How to use Qmanager to manage a QNAP NAS
Accessing and Sharing Files on a QNAP NAS Using Qfile
Each explains how to specify a non-default port number, or how to use the port number auto-detection if available.

And is there a tool that I can use to search in LAN which ports that are not currently been used at all?

Port usage on the LAN doesn't matter, each device on the LAN can use the same port as another without issue. What matters are which ports are being forwarded from/to the WAN to/from specific devices on the LAN. As I mentioned previously: you can see the current port forwarding configuration (UPnP and manual) on the NAT router/firewall. Check your NAT router/firewall's administration guide for details.