I assume the NAS has some form of authentication before you can access it?
IF you port forward to the NAS and use 80 make sure your running the latest firmwares that contain the latest security fixes.
Normally there are loads of people scanning the Internet looking for a vulnerable device…
Other question is how do you plan to use/access it and does it need to be so simple “grandma” can also access it?
If not I would suggest to run it at least on an alternative port number like 49180 or something, not that it ads so much security but most of the kiddies scan for the “lower” ports…
The above is based on the theory that you would like to access the NAS with a browser, I assume it supports other ways also like (S)FTP etc?
Opening a port to the NAS does not directly compromise the other computers security BUT in theory if someone can get to the OS of the NAS they could probably “jump” to the internal PC’s if you would be accepting traffic FROM the NAS TO your PC’s normally that would be only the other direction.
I did try it on several other ports but it would just not connect. Also, with another port range selected, if you typed just my IP address into a web browser without the XXX.XXX.XXX.XXX:PORT (just the default port 80) it went to the login page for my actual router?!
Was that from the Internet or on the Local Network?
I would not advise to let your router be manageable from the Internet on port 80, that’s totally insecure…
On the inside that’s normal, your router listens on this port so it’s not able to forward requests to port 80 to an other system.
From the Internet it should be possible to port-forward 80 to the internal NAS.
I agree with Ronny that port 80 is not a good idea for that, and it is not a good idea either, outside of security issues, to forward port 80 to a single lan computer.
Also note that some software (vnc is an example) have an option for server connexions through a java machine, and allow connecting to each of the lan computers, each with a dedicated port, by default 590n where n is the number affected to each computer; i don’t know enough of java to say if it would be a better security.
ip redirecting softwares could also be a possibility as, even if you have a fixed ip, “clients” would connect to a fake domain on an alternate port (e.g. 8245 by default for No IP) under firewall and password control, and being easier to forward port 8245 then 80 on a single lan computer.