Netgate Discussion Forum

    Problems with NAT-ing SMB with 2.0.1

      sike

      Hello

      I had pfSense 1.2.1 RC2 running for a while and have upgraded to 2.0.1. The system is running on an ESXi machine with 3 Interfaces.

      I had a NAT with Rules only allowing a couple of Aliases to access SMB on a certain server.

      I have 2 NATs:

      WAN  TCP/UDP  *  *  *  445 (MS DS)  10.10.1.10  445 (MS DS)  Mu_NAT_01
      WAN  TCP/UDP  *  *  *  137 - 139  10.10.1.10  137 - 139  Mu_NAT_02

      And 2 Rules:

      *  Squeeze  *  10.10.1.10  *  *  none    Mu NAT 01
      *  Squeeze  *  10.10.1.10  *  *  none    Mu NAT 02

      And this is what I get in the logs when I try to connect:
      Feb 6 11:39:52 WAN  77.59.X.X:26666    95.174.X.X:80  TCP:S
      Feb 6 11:39:52 WAN  77.59.X.X:26667    95.174.X.X:80  TCP:S
      Feb 6 11:39:55 WAN  77.59.X.X:26666    95.174.X.X:80  TCP:S
      Feb 6 11:39:55 WAN  77.59.X.X:26667    95.174.X.X:80  TCP:S
      Feb 6 11:40:01 WAN  77.59.X.X:26666    95.174.X.X:80  TCP:S
      Feb 6 11:40:01 WAN  77.59.X.X:26667    95.174.X.X:80  TCP:S

      The 77 Address is where I am coming from and the 95 address is the WAN IP of my pfSense box.

      Any ideas what I am doing wrong?

      Thanks

      Sike

        marcelloc

        There is no SMB traffic logged from your IP, just HTTP traffic.

        You may need to monitor traffic on this interface instead of searching logs.


        1 Reply Last reply Reply Quote 0
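
The check described in the reply above, as an added example that is not part of the original thread: it parses the log lines pasted in the first post and counts, for the poster's source address, which destination ports were logged and whether the two port forwards (445 and 137-139) cover them. The function names and the final constructed log line are assumptions made for illustration.

```python
import re
from collections import Counter

# Destination ports covered by the two port forwards in the first post.
FORWARDED_PORTS = {445} | set(range(137, 140))

# Layout of the pasted log lines:
# date, interface, source ip:port, destination ip:port, protocol:flags
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+(?P<iface>\S+)\s+"
    r"(?P<src>\S+):(?P<sport>\d+)\s+"
    r"(?P<dst>\S+):(?P<dport>\d+)\s+(?P<proto>\S+)$"
)

def parse(line):
    """Return one log line as a dict, or None if it does not match the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["sport"], entry["dport"] = int(entry["sport"]), int(entry["dport"])
    return entry

def summarize(lines, source_prefix):
    """Count destination ports logged for one source, split by whether
    a port forward covers them. Returns (forwarded, other) Counters."""
    forwarded, other = Counter(), Counter()
    for entry in filter(None, map(parse, lines)):
        if not entry["src"].startswith(source_prefix):
            continue
        bucket = forwarded if entry["dport"] in FORWARDED_PORTS else other
        bucket[entry["dport"]] += 1
    return forwarded, other

# The six log lines from the first post, addresses redacted as posted.
POST_LOG = [
    f"Feb 6 11:{t} WAN  77.59.X.X:{p}    95.174.X.X:80  TCP:S"
    for t in ("39:52", "39:55", "40:01") for p in (26666, 26667)
]
# Constructed line (not from the thread): what an SMB attempt would look like.
CONSTRUCTED = ["Feb 6 11:41:10 WAN  77.59.X.X:26700    95.174.X.X:445  TCP:S"]

if __name__ == "__main__":
    for label, lines in (("posted", POST_LOG), ("posted + constructed", POST_LOG + CONSTRUCTED)):
        fwd, other = summarize(lines, "77.59.")
        print(f"{label}: forwarded ports hit={dict(fwd)} other ports hit={dict(other)}")
```
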
          sike

          @marcelloc:

          There is no smb traffic logged from your ip, just http traffic.

          You may need to monitor traffic on this interface instead of searching logs

          There should be no traffic going to port 80. Something must be getting redirected. The rule used to work on the older build.

          I had a look at the forums but could not find an easy way to monitor traffic. Could you give me a hand?

            cmb

            You cannot NAT SMB traffic with anything, NAT breaks SMB. It can only be routed.

              sike

              Hi All

              I wanted to believe that NAT will not allow SMB to go through, but this issue has become more important in our network. I have been googling SMB through NAT and it should not be a problem.

              The thing is that it used to work on the old network, but not any longer.

              Can anyone help me with a workaround or let me know how to monitor the traffic?

              All the best

              Sike

                cmb

                @sike:

                I wanted to believe that NAT will not allow SMB to go through, but this issue has become more important in our network. I have been googling SMB through NAT and it should not be a problem.

                Then your googling has led you astray. It really cannot be done.
