I’ve been trying to make the HDDs of my Synology NAS stay in hibernation, but something on the network is waking the device up at random several times per day. I usually need the NAS only during the weekends when I watch movies or TV series, it’s just a databank for my media player and nothing else. I found out this instruction on the internet to isolate the device in its own subnet.
Can anyone help me with the proper actions, please?
My main router is Mikrotik and Synology is connected to one of its ports directly, so I have some options to do more complicated stuff. For reference reasons my home network’s subnet is 192.168.0.0/24 and default gateway (mikrotik IP) is 192.168.0.1. What worked for me is:
I removed from the bridge the ethernet interface that Synology is connected to.
I configured a completely different subnet on that interface (in my case: 192.168.2.0/24 and Synology IP would be 192.168.2.25)
Make that subnet routable to and from my main home network so that devices that know the IP address of the Synology, can access it.
Added firewall rules in the forward chain as stated below in the order that will be mentioned:
- Accept TCP packets with destination ports 22,80,443,5000,5001,137,138,139,445 and input interface ether4 (the one that has Synology connected on)
- Accept ICMP packets with input interface ether4 (because I want to be able to ping the NAS).
- Accept established and related connection states with input interface ether4.
- Drop everything with input interface ether4.
Hi, here is the answer : Configure a separate subnet for the Synology NAS:
a. On your MikroTik router, create a new VLAN (Virtual LAN) for the Synology NAS. Assign an appropriate VLAN ID, such as VLAN 2.
b. Configure the Ethernet port connected to the Synology NAS to be a member of the newly created VLAN. This will isolate the Synology NAS from the rest of your network.
c. Assign a static IP address to the Synology NAS within the new subnet. For example, you could use 192.168.2.25/24.
Make the subnet routable to and from your main home network:
a. Create a static route on your MikroTik router that directs traffic destined for the Synology NAS subnet (192.168.2.0/24) to the gateway of your main home network (192.168.0.1).
b. Create a firewall rule on your MikroTik router that allows traffic from the Synology NAS subnet to communicate with the main home network. This will allow devices on your main network to access the Synology NAS.
Restrict access to the Synology NAS from the main home network:
a. Create firewall rules on your MikroTik router that allow only specific ports to be accessed from the main home network. For example, you could allow ports 22 (SSH), 80 (HTTP), and 443 (HTTPS) for remote administration. You could also allow port 5000 for DLNA media streaming.
b. Drop all other traffic from the main home network to the Synology NAS. This will prevent unauthorized access to the Synology NAS and help prevent it from being woken up by other devices.
By following these steps, you should be able to isolate your Synology NAS in its own subnet and prevent it from being woken up at random by other devices on your network.
Thanks for the effort, but it’s really not helping me much 
I pretty much know what I need to do but how to do it in Mikrotik is a different matter.
What would actually suffice would be making the ethernet port (ether4) give an IP address from the 192.168.2.x pool and then allow that to connect to the Internet and to it from certain IP addresses from the 192.168.0.x network.