Synology nas with cat 18 - connect via wan

Have moved my small business & network onto the RV. I need the capability to access the NAS from outside my LAN (remotely).
The CAT 18 device has been set up with mostly the default options. The WAN port has been changed to make it a LAN port. The NAS is connected to one port & a GB switch with devices is attached to the other. I have defined 4 integrated access points I have an AT&T & Verizon SIM installed with the cellular settings set to SIM A only. I also have 2 WIFI as WAN connections.
I have reserved the internal IP address of the NAS so it is constant.
The NAS comes with an application (EZ Internet) to assist in connecting to the NAS. When I run the utility it returns the following:


To my knowledge, I only have 1 router, but. for some reason the application thinks there are two.
Any one out there with knowledge of this that might be able to help?
Have also posted this on Synology forum.
Thanks in advance.

In your case, the WiFi WAN is your second router. (Your router is connecting to another router providing WiFi)

If you have access to the router providing the WiFi WAN you could add port forwarding rules, if not, you can have an outbound policy putting the NAS over cellular.

Jason,
Thank you for your response.
In my feeble attempts at trying to interpret the 2nd router message, I tried disabling the WIFI as WAN connections in the Dashboard previously. Obviously disable did not prevent the CAT 18 from recognizing it.
When you say the router providing the WiFi WAN, are you referring to the CAT 18 router, or, the source of the WiFi signal? In this particular situation, the source of the WiFI signal is the RV park. The chances of doing any port forwarding on the RV park router is somewhere between ‘NOT A CHANCE’ & ‘ARE YOU KIDDING ME’. That leaves me assuming my only option is establishing an outbond policy rule as shown below.

I assume the source would be the local ip address of the NAS
The algorithm would be enforced
The enforced connection would be cellular

AM I getting close?

Not withstanding the security issues with RV park WiFi, will this configuration allow someone to remotely connect to the NAS in the rather unlikely event the RV park WiFi is the only path to & from the internet?

Us newbies really appreciate the help from you more experienced folks. Thank you.

Yep, you’re on the right track.
The RV Park Wifi is the second router in your case, so I agree, port forwarding is out.
I’d put the NAS (either by source IP or source MAC) on an enforced cellular rule; destination and protocol can be any.
As long as you don’t enable port forwarding on your router from the Wifi WAN to the NAS, there’s no way someone on the RV Park network could get to your NAS.

Jason,
Humor me somewhat as I am a newbie.
Let me elaborate a little. Recognizing the security risks (other provisions are in place to secure/control data access on the NAS),
I can imagine a situation where the only viable outside path to the NAS would be via the RV park WiFi (primary cellular provider not available, secondary cellular provider’s data allowance consumed). As I interpret your response, this could be achieved with port forwarding.
Granted, as I mull this over in my mind, there are other ways to get the data securely from the NAS to someone else via the RV park Wifi. I just got carried away with the possibilities.

I think we might be mixing up our points here.

Without setting up port forwarding on your router (which I don’t recommend doing in your case), nobody on the RV park WiFi WAN can talk to anything on your LAN.

With an enforced outbound rule, the NAS will only send internet traffic out over cellular, even if that means it has no internet. The NAS will still/always be available on your LAN/WiFi.

If your goal is to make the NAS available remotely over any WAN, forget the enforced outbound rule, and enable quickconnect, not EZ Connect: https://www.synology.com/en-us/knowledgebase/DSM/tutorial/Network/How_to_make_Synology_NAS_accessible_over_the_Internet#t2

The two routers are the Peplink router and the CG nat, or Wifi NAT, etc. The tool is detecting dual layers of NAT between the Synology and the internet.

Synology’s “quick connect” technology relies on UPnP and opens holes on your behalf in your your FW (peplink if enabled)… Now with Wireless and multiple NAT layers you can’t use UPnP.

My suggestion would be to run a fixed speed fusion tunnel and FusionHUB in Vultr (see documents elsewhere for the various cloud providers) and then L2TP into the remote network via this fixed address.

Otherwise you can manually open the FusionHub for the required internal IP addresses:

Even if you could use the EZ Wizard, I wouldn’t. Always use a VPN solution to return to your secure internal network, and only expose ports (SMTP, WWW) that are required.

This is the solution I use to remotely access my Synology and all internal network resources.

As a bit of history, Quickconnect returns the same error message ( 2 routers). That is the reason I tired
EZ Connect…
As stated, I consider myself a newbie. I know enough to make me dangerous with networks.
I struggled mightily when I set up the configuration (access to the NAS) via a VPN in the house some time ago. Unfortunately, I did not take very good notes, it worked in the house, now I’m in a RV & I’m reinventing the wheel. I was looking for a shortcut.
The reply from Paul_Mossip brings back memories of having to load all sort of windows system add ins, redirecting ports & other such things way down in the bowels of firewalls, routers & what have you.
At any rate, it appears he identified the source of the NAS detecting 2 routers.
Thank you bothj for your help.