DDNS and Synology Photos

My understanding is you need to use the same home WAN port that’s on the CF’s list of approved http/https edge ports, else you’ll need CF’s Enterprise plan:

If traffic for your domain is destined for a different port than the ones listed above, for example you have an SSH server that listens for incoming connections on port 22, either:

  • Change your subdomain to be gray-clouded , via your Cloudflare DNS app, to bypass the Cloudflare network and connect directly to your origin.
  • Configure a Spectrum application for the hostname running the server. Spectrum supports all ports. Spectrum for all TCP and UDP ports is only available on the Enterprise plan. If you would like to know more about Cloudflare plans, please reach out to your Cloudflare account team.

The problem is those are well known (i.e., often scanned) ports that you’d have to expose. You may be better off bypassing the CF proxy and using a high numbered port like 65020 on your home WAN, along with strong security measures to lock it down.