Anyone using a Synology NAS?

Yes, it requires the full node to be launched.
I understand your point about the port, but you already have an open port (for the computer you use to harvest, which probably has LAN access to your NAS) which allows someone to access your local network. In the end, if there is a vulnerability (and there always is), it will be the same.
I use NAT (on my ISP router) + dedicated firewall (with also a second NAT) + (integrated firewall of the DSM) + network target NATed to the docker only. Not sure that NATing to a Windows computer which has full access to the LAN is better, but I could be wrong.

You are right but the typical PC is connected to the WAN constantly for a wide variety of tasks. The NAS has 0 direct WAN connections.

Resurrecting this thread - thanks for the information already shared.

I've got a 1621xs+ with 6 bays, currently running harvester only via the official docker image. Now I would like to use it as a full node (got 32GB RAM, so I assume I won't run into performance issues).
As I have the full node running and synchronized on my primary PC, is there a way to “copy” the mainnet DB into the docker image?

I've read in the GitHub readme from the Official Chia Docker Container the parts about Persist configuration and db and “[…]if you would like to persist the entire mainnet subdirectory and not touch the key directories at all: -v ~/.chia/mainnet:/root/.chia/mainnet -e keys="persistent"[…]” - but I don't actually get it. Maybe I am translating the meaning of “persist” wrong.

Could someone help me out? Any way to copy the .chia/mainnet from my PC to the NAS and then somehow mount it into the docker container and use the mounted directory (one-shot copy, or constantly, so that I could copy that to yet another machine as the blockchain grows)?