Can't access SMB share via SMB name but can access via IP.
-
I have a NAS with SMB share on a separate interface than my devices that have firewall rules setup to access it. There are NO issues with me accessing the NAS shares via IP address from any interface however when attempting to access the NAS shares via SMB name in Linux or Windows it fails.
I have enabled the DNS Forwarder, DHCP Registration and Static DHCP.
What else am I missing?
Thanks,
-
johnpoz LAYER 8 Global Moderatorlast edited by johnpoz Nov 12, 2022, 10:33 AM Nov 12, 2022, 10:29 AM
@yoe777 said in Can't access SMB share via SMB name but can access via IP.:
access the NAS shares via SMB name
you mean via just host vs a fqdn?
Like nas vs nas.something.tld ?
If that is the case and your nas is on another network then your client, that is to be expected - broadcasting for names doesn't work across vlans.
If your wanting to access via name, then you need to make sure your search suffix on your client auto adds your domain when doing a query.. Or just use the fqdn..
example, if I ping just nas, it comes back as fully qualified.
$ ping nas Pinging nas.local.lan [192.168.9.10] with 32 bytes of data: Reply from 192.168.9.10: bytes=32 time<1ms TTL=64Because my client auto adds that in the dns query.
$ ipconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : i9-win Primary Dns Suffix . . . . . . . : local.lan Node Type . . . . . . . . . . . . : Broadcast IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : local.lanSee the DNS Suffix Search List.
if I set debug in nslookup, notice what it actually asked for, even though I only used the hostname nas
$ nslookup Default Server: pi.hole Address: 192.168.3.10 > set debug > nas Server: pi.hole Address: 192.168.3.10 ------------ Got answer: HEADER: opcode = QUERY, id = 2, rcode = NOERROR header flags: response, want recursion, recursion avail. questions = 1, answers = 1, authority records = 0, additional = 0 QUESTIONS: nas.local.lan, type = A, class = IN ANSWERS: -> nas.local.lan internet address = 192.168.9.10 ttl = 3383 (56 mins 23 secs) ------------ Non-authoritative answer: ------------ Got answer: HEADER: opcode = QUERY, id = 3, rcode = NOERROR header flags: response, auth. answer, want recursion, recursion avail. questions = 1, answers = 0, authority records = 0, additional = 0 QUESTIONS: nas.local.lan, type = AAAA, class = IN ------------ Name: nas.local.lan Address: 192.168.9.10 > -
I am not using VLANS I am using physical interfaces with firewall rules allowing access to the NAS server.
My ipconfig /all output:
If I try to access my NAS in explorer via:
"\nas\sharename"I get this error:
Or Linux via:
"smb://nas/sharename"I get this error:
Could it be because my Primary Dns Suffix is missing?
There are no issues connecting via IP.
-
@yoe777 said in Can't access SMB share via SMB name but can access via IP.:
sing physical interfaces with firewall
Same thing, its a different network..
if you ping nas - does it come back as nas.local.lan? Broadcasting for just a hostname or netbios name doesn't work across networks.. They have to be in the same network for that to work.
Use the fqdn nas.local.lan as you have shown your using local.lan as well..
-
Or add it to your hosts file on the computer.
-
@johnpoz pfSense is adding it for me again on its own? So I will never get that, when it is working or not.
PS C:\Users\Bobby> nslookup Rebel12 Server: pfsense.home.arpa Address: 192.168.10.1 Name: Rebel12.home.arpa Addresses: 192.168.11.20 192.168.9.20 -
@bob-dig home.arpa is the new default. I had set local.lan long time ago and have not completely moved to it yet.
But yes your domain should be added to your windows clients via dhcp
Why is your fqdn coming back with 2 ips, that is not ideal.
-
@johnpoz Ah ok, that was the difference, when I was not using DHCP, thx.
-
My main issue is a media player trying to access the broadcasted hostname, I cannot lookup shares via IP on it. Is there a way to enter a static entry directly in pfsense that will redirect the hostname to the IP?
-
I am a little bit closer by creating a Host Override Static entry under ServicesDNS -> ResolverGeneral -> Settings. My windows machines and linux can access my NAS via hostname now from manual searching for it.
My media player still is not seeing the share on my NAS because the Hostname broadcast is not passing over the interface. You cannot manually place an search entry it only lists the broadcasted names.
Any suggestions as a work around?
-
johnpoz LAYER 8 Global Moderatorlast edited by johnpoz Nov 12, 2022, 10:22 PM Nov 12, 2022, 10:21 PM
@yoe777 your media player - which is what exactly is most likely doing some sort of discovery - that is not going to work on a different network.
What are you trying play? I use my plex specifically on a different network than my players.. It doesn't have to use discovery - it uses a fqdn to know where the server is.
-
@yoe777 I had a similar issue with accessing my NAS smb shares. My NAS is running TrueNAS CORE. Like you, I added a host override in pfSense (under Services > DNS Resolver > General Settings).
NAS details:
Network: VLAN10 (192.168.10.x)
Hostname: truenas
Parent domain: localI was then able to access and map the shares on my Windows computers connected on my default LAN (192.168.1.x) using \\truenas.local[sharename]. I was able to access the shares on my Mac mini the same way.
I use MediaPortal for my media server, also located on the default LAN. I still needed to manually set the media source paths (using \\truenas.local[sharename]) as it wasn't able to locate truenas shares on the network by itself. Let me know if you have the same media server and I will post instructions.
-
Note: I meant to write \\truenas.local[backslash][sharename] above. The backslashes don't seem to work...
-
@yoe777
Frequently those media player apps on a roku or even the service/host discovery on windows doesn't use SMB to find the information. It uses multicast mdns/avahi/servicediscovery/bonjour/whatever. It is expecting to find things automatically with a 224.x.x.x broadcast ip.
You might need to add a rule for networks...not sure if the stopping point is pfsense or some other host based firewall but the idea is:src: any/lan
destination: 224.0.0.251
destination port 5353(at least that is the mdns traffic I see on my network...guessing yours is similar.
-
@skogs opening 5353 in that manner won't pass multicast traffic -- that's unroutable.
AVAHI will do mdns passing between interfaces.
-
@rcoleman-netgate
yaya ^^ that thing.