My Synology NAS firewall has the possibility to block request by country.
Since the NAS is behing my home router firewall, does this make any sense ?
I mean: when a client enters my home external IP, the router forwards the packet to the Syno (provided that the request is on a forwarded port), but the packet now has a local address, right ?
So I guess the Syno has no clue about the real address and geographical origin of the packet ?
Thanks for any simple clarification.
Antwort1
No, it would still have an external source address just like any other incoming data. Up until it hits your NAS the only thing being changed is the destination IP. You could look at the source address by using wireshark, to see that they are in fact public IP's of where the packet came from.
If the scenario worked out as you're imagining, your NAS could get the request but then there would be no information on how to get back where it came from.
Below are two high level explanations of what happens to an IP packet when it's being routed.
IP packet going from internal to external
Source IP address is changed from hosts' address to address of the NAT routing device in IP header. After these changes, the IP packet is sent to network where the destination is.
IP packet going from external to internal
Destination IP address is changed from the NAT routing device address to client's address. After these changes, IP packet is sent to network where client is.