Windows Share problem
-
Dear Metu69salemi,
i've made some screenshots for you so you can get a clear view of the setup.
There can be some mistakes because i've tried to fix it using trial and error :)Dashboard : http://kris.derocker.name/pfsense/windowsshare/dashboard.jpg
Outboud NAT : http://kris.derocker.name/pfsense/windowsshare/firewall-nat-outbound.jpg
Firewall rules LAN : http://kris.derocker.name/pfsense/windowsshare/firewall-rules-lan.jpg
Firewall rules WIFIPRIVATE : http://kris.derocker.name/pfsense/windowsshare/firewall-rules-wifiprivate.jpg -
You may need new rule on manual outbound nat as:
from privatewifi to lan check the box DO NOT NAT -
I've tried these settings without effect…
WIFIPRIVATE 10.0.0.0/24 * * * * * NO
LAN 10.101.0.0/24 * * * * * NO
WIFIPRIVATE 10.101.0.0/24 * 10.0.0.0/24 * * * NO
LAN 10.0.0.0/24 * 10.101.0.0/24 * * * NOLan = 10.0.0.1/24 range
WIFIPRIVATE = 10.101.0.1/24 range -
did you change the order that more specific is uppermost?
-
I don't see any reason you need manual outbound NAT, better to use automatic, it won't NAT between internal subnets which is what is breaking your Windows share.
-
ok, thanks for the info, it was new to me also.
-
I use manual NAT because i also route some IP blocks (external IP's)
-
I use manual NAT because i also route some IP blocks (external IP's)
Ok, in that case just make sure you don't have outbound NAT rules matching traffic between internal networks.
-
Dear,
I don't think i have…do i?
-
Too many interfaces there in outbound NAT and not enough context to tell. Run a constant ping to the NAS, and check Diagnostics>States. Should just show two IPs there, not a third in the middle where it's translating it. If that's good, then your problem is almost certainly the NAS is setup to not serve Windows shares to off-subnet hosts. For instance Samba has a config option that lets you restrict what IP subnets it will serve, if it's a Windows host, the default Windows firewall settings commonly block all off-subnet file access.
-
This is what i get with ping :
icmp 10.0.0.31:768 <- 10.101.0.2 0:0
icmp 10.101.0.2:768 -> 10.0.0.31 0:010.0.0.31 = NAQ
10.101.0.2 = laptop using wireless -
Then you aren't NATing, so that much is good. Problem is on the server then, what I noted in my last post.
-
cmb,
Thanks for your support, time and answers!
