Synology Follow-Up

In the previous post (https://championofcyrodiil.blogspot.com/2020/02/synology-home-nas.html) I configured the Synology DS218j through a virtual network using an Ubuntu VM as the DHCP Server.  Today I wanted to back up some of my files, so I needed to configure some kind of share.

Enable SSHd on the VM

1. $ sudo apt-get install -y openssh-server
2. $ sudo systemctl enable ssh.service
3. $ sudo systemctl start ssh.service

Create an Account on Synology

You will need an account to connect to on the Synology.  You could use the admin account, but don't.  This was easy enough and walking through the Wizard after clicking "Users" somewhere in Control Panel, I created an account named 'charlie'.  

The Control Panel is easy to find when you log in with the Web Browser on port 5000 over HTTP
HTTP is Plain-Text and thus Not Secure.  This is another good reason we are working on a private virtual network, as there are no other devices that could be snooping.

Check SMB Settings

By default SMB is enabled, but I discovered I needed to enable SMB version 3.0 on the Synology!  You'll find this under the "Advanced" SMB settings. 

Create a "New Folder"

Creating an account by itself does not create a Share/Folder that can be accessed from a remote client.  You'll need to create a new folder as well.  Again, the UI is intuitive and you should be able to navigate to "Folders" in the control panel, and create a new one, giving your user account created in the previous step "Customized" permissions.  I enabled "Full Control".  

Also, when creating the folder I set a password and enabled disk Encryption.  Filename lengths are restricted to ~170 characters in your storage folder if encryption is enabled.

Mount the Synology Share using CIFS

You'll need to install 'cifs-utils' using apt-get install first.  Then you can easily add the entry to the /etc/fstab using sudo.

Note the 'user' option.  This allows you to mount with the 'vubuntu' user, making it read/write approved for the SSH User.  Using `sudo mount` works too, but then accessing the VM remotely would require an SSH as root.  You can only SSH as root after modifying the "PermitRootLogin" setting in /etc/ssh/sshd_config.

Was all that Worth it???

I would have to say it was.  The goal was to back up my Desktop PC's data to the Synology, and I've achieved peek throughput of 540 Mbps while using WinSCP to move files from the Desktop's E:\ Storage drive to the Synology over the Cat5 cable.  Which is 67.5MB/sec.

While the connection is 1Gbps, Secure Shell and Virtualization are at play.  Again, this isolates the Synology from the web, while still providing high throughput.  Don't forget to run your Virus Scan on files before backing them up!

Synology Home NAS

Virtual Networked NAS

Everything Configured from My Desktop PC running Windows 10; Color-Coded based on Trust, where Green is obviously the most trusted.

Purchase and Put Together:

• Synology 2 bay NAS DiskStation DS218j (Diskless) - $175.84
• https://www.amazon.com/Synology-bay-DiskStation-DS218j-Diskless/dp/B076G6YKWZ
• Seagate IronWolf 4TB NAS Internal Hard Drive (x2) - $210.58
• https://www.amazon.com/dp/B07H289S79

Total: $386.42

Both Seagate IronWolf 4TB Drives Installed in Synology DS218j

Software Configuration:

• Install Hyper-V on Windows 10: https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/quick-start/enable-hyper-v
• Download Ubuntu ISO: http://releases.ubuntu.com/18.04/ubuntu-18.04.3-desktop-amd64.iso

Create Virtual Switch for Desktop NIC:

1. From Hyper-V Manager, Click "Virtual Switch Manager" on the Left-Hand "Action" Panel
2. Select "External" for Create Virtual Switch Type
3. Set Name as value that will be intuitive for your Desktop NIC. e.g. 'Wired External Switch"
4. Choose the Ethernet Device Connected Directly to Synology NAS Device

Creating an External Switch in Hyper-V
Think of this as a 'physical' switch between your CPU and Network Card, with only 1 port (Your NIC!)

Create Virtual Machine and Install using ISO

https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/quick-start/quick-create-virtual-machine

Don't forget to add a second virtual NIC to the VM and attach it to the previously created external switch.

Creating "Dual-Homed" VM w/ 2 Virtual NICs
One for Synology, One for Internet(NAT)

Static IP for "Wired External Switch"

You've now got everything connected.  When you boot ubuntu you'll see 1 NIC has an IP (dhcp) from Hyper-V and provides Internet Connectivity.  The second is not enabled at all.  You'll need to enable this by editing /etc/network/interfaces as follows:

Configure Ubuntu to have a Static-IP.  This is normal for Servers that provide DHCP
Ensure 'eth0' or 'eth1' corresponds with the External Switch chosen above.

'sudo ifup eth0' will bring your NIC online after editing the interfaces file

DHCP Configuration (This part can be tricky)

Follow the instructions here: https://help.ubuntu.com/community/isc-dhcp-server

I've used the 192.168.10.0/32 network in this example to match up with the information provided in the link above.  Make sure to check your syntax after editing the file.  `ps -ef | grep dhcpd` should show the server is running.  If there are errors, use `journalctl` to view any errors, fix them, and use `sudo systemctl restart isc-dhcp-server.service`.  Once DHCP is running and everything is connected, you should see a Lease for the Synology using `cat /var/lib/dhcp/dhcpd.leases'.

Make sure to enable 'authoritative' DHCP, since this DHCP server is the only one on this External Switch.

Set up your Synology, Download the OS with VM

When the Synology gets an IP, it should get the first IP in your DHCP range. For me this was 192.168.10.10.  Inside your VM, open a browser and go to http://192.168.10.10 

You will be redirected to set up the device.  Your device wont have an internet connection because we did not configure the VM to act as a gateway/router.  So you'll need to click the link provided in the Synology setup, and Download the OS software to the VMs Downloads folder.  Once complete, verify the checksum `md5sum ~/Downloads/DSM_DS218j_24922.pat`.  This ensure you are getting the right software and no corruption occured during download.  Then switch back to the Synology configuration Tab, and Choose "Select a File/Browse", navigate to the Downloads folder, and 'upload' the .PAT file to the Synology via the web interface.  Finish the configuration and make sure to remember your NAS does NOT HAVE INTERNET CONNECTIVITY.  This is so that you can ensure it is secure and not downloading software you do not explicitly provide.

Once configured using Defaults, you should have 2 drives providing redundant storage with 3.6TB of Storage

What Next?

Now that everything is connected you'll want to think about how you want to access your synology from other devices.  You could simply connect the Synology to your Wifi Router now and access it via wifi.  However, this would expose it to the internet, so make sure you want to do that.

Another option would be to configure the Virtual Machine as a "Reverse-Proxy" for HTTP/HTTPS or set up the routing tables to forward specific ports and provide NATing back to the requester.  There are several possibilities at this point and I hope you have found this tutorial useful and informative.

Read more on how I configure SMB w/ SCP between the Host OS, VM and Synology devices in the next post, https://championofcyrodiil.blogspot.com/2020/02/synology-follow-up.html