Netgate Discussion Forum

Unable to connect to OPT1 from LAN

Firewalling
    Perry
    last edited by Aug 8, 2011, 6:32 PM

    A local firewall on the file server with a wrong range?

    /Perry
    doc.pfsense.org

      Bai Shen
      last edited by Aug 8, 2011, 6:35 PM

      @Perry:

      A local firewall on the file server with a wrong range?

      Tried turning it completely off and still couldn't connect.

      It looks like smb doesn't work well across subnets.  I'm okay with using FTP instead, but I'm not sure why FTP isn't working either.

        Metu69salemi
        last edited by Aug 8, 2011, 6:39 PM

        Are you using active or passive FTP?

        Maybe you should try to create a rule in OPT1
        to allow SMB traffic from the servers to the LAN subnet.

          Bai Shen
          last edited by Aug 8, 2011, 6:58 PM

          @Metu69salemi:

          Are you using active or passive FTP?

          Whatever Filezilla defaults to.  I didn't mess with any of the settings.

          Maybe you should try to create a rule in OPT1
          to allow SMB traffic from the servers to the LAN subnet.

          How would that work?  What ports are you saying I should open?

            Metu69salemi
            last edited by Aug 8, 2011, 8:07 PM

            Google has the answer. I almost had to find it twice
            few ports and remember to read that tcp/udp 445 also. it's not in the box

              Bai Shen
              last edited by Aug 9, 2011, 1:25 AM

              @Metu69salemi:

              Google has the answer. I almost had to find it twice
              few ports and remember to read that tcp/udp 445 also. it's not in the box

              Since the LAN rule allows the traffic to OPT1, I'm assuming you mean I should open the port from the DMZ side.  Do I really need it if I only want access from the LAN to OPT1?

              I just tried opening 445 tcp/udp from the server to the LAN subnet and it doesn't seem to have had any effect.  I still can't connect to a Windows share.

              I ended up installing CopSSH, and that's working so far, but my transfer speeds are horrible.

                Metu69salemi
                last edited by Aug 9, 2011, 3:48 AM

                SMB itself isn't the easiest traffic type to troubleshoot. That is the reason to open ports from another interface also. And yes, I do know what the meaning of SPI is.

                  Bai Shen
                  last edited by Aug 9, 2011, 5:16 PM

                  @Metu69salemi:

                  SMB itself isn't the easiest traffic type to troubleshoot. That is the reason to open ports from another interface also.

                  Well, like I said, I opened 445 tcp/udp from the server on OPT1 to LAN and I still can't connect from the LAN.

                  And yes, I do know what the meaning of SPI is.

                  Huh?

                    Metu69salemi
                    last edited by Aug 9, 2011, 7:48 PM

                    SPI = a stateful firewall should keep ports open for a while if the connection is from inbound of it.

                    Then I have to admit, I don't have a clue what the problem is here.

                      Bai Shen
                      last edited by Aug 10, 2011, 7:12 PM

                      @Metu69salemi:

                      SPI = a stateful firewall should keep ports open for a while if the connection is from inbound of it.

                      Then I have to admit, I don't have a clue what the problem is here.

                      Me either.  We'll see how things go when I swap out my current box for the new one.

                      Honestly, it wouldn't be so bad if sftp wasn't so slow.

                        pcbosrders
                        last edited by Aug 20, 2011, 3:20 AM

                        @Metu69salemi:

                        SMB and FTP might need some more knowledge; try to use search. There is a lot of discussion already in this forum.

                        Here is some info regarding SMB. I'm in the process of allowing file sharing between Ubuntu and Windows
                        through pfSense.
                        This might help with the ports to open:

                        netbios-ns - 137/tcp # NETBIOS Name Service
                        netbios-dgm - 138/tcp # NETBIOS Datagram Service
                        netbios-ssn - 139/tcp # NETBIOS Session Service
                        microsoft-ds - 445/tcp # if you are using Active Directory

                        Some other ports that might help:
                        Port 389/tcp for LDAP
                        Port 445/tcp: NetBIOS was moved to 445 after 2000 (CIFS)
                        Port 901/tcp for the SWAT service (web GUI to configure Samba)

                        Here is a link where I got most of the info I needed; there is also a sample iptables configuration:
                        http://www.cyberciti.biz/tips/connecting-linux-unix-system-network-attached-storage-device.html
                        I know this doesn't have a sample for pfSense, but you can work out what rules to create from the iptables rules.

                        don't fix it, if ain't broken !!!
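
A reachability check for the TCP session ports in the list above, as an added example that is not part of the original post: run from a LAN client, it tells apart a port that answers, one that is reset, and one where nothing comes back, which narrows down whether traffic between LAN and OPT1 is being dropped. The function names, hint texts and the placeholder address 192.0.2.10 are assumptions.

```python
import errno
import socket
import sys

# TCP session ports from the list in the post above.
SMB_TCP_PORTS = {139: "netbios-ssn", 445: "microsoft-ds"}

HINTS = {
    "open": "port answers; the firewall path for this port is fine",
    "refused": "reset came back; nothing listens there or a rule rejects it",
    "filtered": "no reply; host down, or pfSense or the host firewall drops it",
    "unreachable": "no route; check addresses and gateways on both subnets",
}

def probe(host, port, timeout=3.0):
    """Classify one TCP port by how the connection attempt ends."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"          # handshake completed
    except ConnectionRefusedError:
        return "refused"       # RST received
    except socket.timeout:
        return "filtered"      # SYN went unanswered
    except OSError as e:
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise
    finally:
        s.close()

def check_smb(host, ports=SMB_TCP_PORTS, timeout=3.0):
    """Probe each port and return {port: (state, hint)}."""
    return {p: (st, HINTS[st])
            for p in ports
            for st in [probe(host, p, timeout)]}

if __name__ == "__main__":
    # 192.0.2.10 is a placeholder; pass the file server's OPT1 address.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    for port, (state, hint) in check_smb(target).items():
        print(f"{target}:{port} ({SMB_TCP_PORTS[port]}): {state} - {hint}")
```

Comparing the result from a LAN client with the result from a host on the server's own subnet shows whether the difference is introduced on the path through the firewall.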
