Hello,
I recently bought a Synology NAS DS204 for home use, to back up data from my computer and to be able to access the data from outside. I had to bend some firewall rules a bit so that I could see everything I need, and I have the feeling I bent them too far, so now I cannot reach the Turris from the internal network by entering the IP address 192.168.1.1, on which my router runs. I can only reach it by entering the DDNS link I have at duckdns.org (which works fine from outside). I have the feeling that it is a problem with port 80 forwarding, but I am not aware of having changed anything.
I would like to insert an image, but so far I have not figured out how, so here is at least the text output of my firewall settings:
config redirect
    option target 'DNAT'
    option src 'wan'
    option dest 'lan'
    option proto 'tcp udp'
    option src_dport '3306'
    option dest_port '3306'
    option name 'MySQLPR74ex'
    option dest_ip '192.168.1.101'

config redirect
    option target 'DNAT'
    option dest 'lan'
    option proto 'tcp udp'
    option src_dport '3306'
    option dest_ip '192.168.1.100'
    option dest_port '3306'
    option name 'MySQLPR74in'
    option src 'lan'
    option src_ip '192.168.1.100'
    option enabled '0'

config redirect
    option target 'DNAT'
    option src 'wan'
    option dest 'lan'
    option proto 'tcp udp'
    option src_dport '38213'
    option dest_ip '192.168.1.100'
    option dest_port '38213'
    option name 'uTorrent'

config defaults
    option syn_flood '1'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'REJECT'

config zone
    option name 'lan'
    list network 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'

config zone
    option name 'wan'
    list network 'wan'
    list network 'wan6'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'
    option mtu_fix '1'
    option log 'true'
    option log_prefix 'turris-000000: '
    option log_limit '60/minute'
    option log_level 'debug'

config forwarding
    option src 'lan'
    option dest 'wan'

config rule
    option name 'Allow-DHCP-Renew'
    option src 'wan'
    option proto 'udp'
    option dest_port '68'
    option target 'ACCEPT'
    option family 'ipv4'

config rule
    option name 'Allow-Ping'
    option src 'wan'
    option proto 'icmp'
    option icmp_type 'echo-request'
    option family 'ipv4'
    option target 'ACCEPT'

config rule
    option name 'Allow-DHCPv6'
    option src 'wan'
    option proto 'udp'
    option src_ip 'fe80::/10'
    option src_port '547'
    option dest_ip 'fe80::/10'
    option dest_port '546'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-ICMPv6-Input'
    option src 'wan'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    list icmp_type 'router-solicitation'
    list icmp_type 'neighbour-solicitation'
    list icmp_type 'router-advertisement'
    list icmp_type 'neighbour-advertisement'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-ICMPv6-Forward'
    option src 'wan'
    option dest '*'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

config include
    option path '/etc/firewall.user'

config include
    option path '/usr/share/firewall/turris'
    option reload '1'

config rule
    option target 'ACCEPT'
    option src 'wan'
    option proto 'tcp'
    option dest_port '443'
    option name 'Https'
    option src_ip '193.86.239.162'

config rule
    option target 'ACCEPT'
    option src 'wan'
    option proto 'tcp'
    option dest_port '22'
    option name 'SSH'
    option src_ip '193.86.239.162'

config redirect
    option target 'DNAT'
    option src 'wan'
    option dest 'lan'
    option proto 'tcp udp'
    option src_dport '5000'
    option dest_ip '192.168.1.101'
    option dest_port '5000'
    option name 'SynologyNAS5000'

config redirect
    option target 'DNAT'
    option src 'wan'
    option dest 'lan'
    option proto 'tcp udp'
    option src_dport '5001'
    option dest_ip '192.168.1.101'
    option dest_port '5001'
    option name 'SynologyNAS5001'

config rule
    option target 'ACCEPT'
    option src 'wan'
    option proto 'tcp'
    option dest_port '3306'
    option name 'PHPMyAdminSynology'
    option dest_ip '192.168.1.101'
    option src_port '3306'

config redirect
    option target 'DNAT'
    option src 'wan'
    option dest 'lan'
    option proto 'tcp udp'
    option src_dport '16881'
    option dest_ip '192.168.1.101'
    option dest_port '16881'
    option name 'DownloadStationSynology'

config redirect
    option target 'DNAT'
    option src 'wan'
    option dest 'lan'
    option proto 'tcp udp'
    option src_dport '6881'
    option dest_ip '192.168.1.101'
    option dest_port '6881'
    option name 'DownloadStationSynology2'

config redirect
    option target 'DNAT'
    option src 'wan'
    option dest 'lan'
    option proto 'tcp'
    option src_dport '777'
    option dest_ip '192.168.1.101'
    option dest_port '80'
    option name 'PHPMyAdminSynology'
    option enabled '0'

config redirect
    option target 'DNAT'
    option src 'wan'
    option dest 'lan'
    option proto 'tcp udp'
    option src_dport '2222'
    option dest_ip '192.168.1.101'
    option dest_port '22'
    option name 'SSH'
    option src_ip '193.86.239.162'

I would be glad if you could point me in the right direction.
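
Added example, not part of the original post: a Python audit for a firewall file in the format shown above that lists the enabled port forwards from 'wan' carrying no src_ip restriction (the 3306 forward above has none, while the 2222 forward is limited to one address). The names parse_uci and open_wan_forwards and the abridged SAMPLE are constructed for illustration.

```python
import shlex

# Constructed sample, abridged from three redirect sections of the posted config.
SAMPLE = """\
config redirect
    option src 'wan'
    option src_dport '3306'
    option dest_ip '192.168.1.101'
    option dest_port '3306'
    option name 'MySQLPR74ex'
config redirect
    option src 'wan'
    option src_dport '777'
    option dest_ip '192.168.1.101'
    option dest_port '80'
    option name 'PHPMyAdminSynology'
    option enabled '0'
config redirect
    option src 'wan'
    option src_dport '2222'
    option dest_ip '192.168.1.101'
    option dest_port '22'
    option name 'SSH'
    option src_ip '193.86.239.162'
"""

def parse_uci(text):
    """Parse UCI text into a list of (section_type, options) tuples."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)  # handles quotes and '#' comments
        if len(tok) >= 2 and tok[0] == "config":
            sections.append((tok[1], {}))
        elif len(tok) == 3 and sections and tok[0] == "option":
            sections[-1][1][tok[1]] = tok[2]
        elif len(tok) == 3 and sections and tok[0] == "list":
            sections[-1][1].setdefault(tok[1], []).append(tok[2])
    return sections

def open_wan_forwards(sections):
    """Return (name, wan_port, lan_ip) for enabled WAN forwards open to any source."""
    hits = []
    for stype, opt in sections:
        from_wan = stype == "redirect" and opt.get("src") == "wan"
        if from_wan and opt.get("enabled", "1") != "0" and "src_ip" not in opt:
            hits.append((opt.get("name"), opt.get("src_dport"), opt.get("dest_ip")))
    return hits

if __name__ == "__main__":
    print(open_wan_forwards(parse_uci(SAMPLE)))
```

To audit a real file, pass its contents to parse_uci in place of SAMPLE.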