Share files from LAN1 to LAN2?



  • Hi guys,

    I have a question to a problem that I can't make it work.
    Before I all my computers was connected to a Asus router there I could share files between computer using Windows homegroup sharing funktion.

    Now my problem is, I build a router using pfsense. I have Lan1, 2 and 3. I gave them subnet address 192.168.1.0, 192.168.2.0 and 192.168.3.0.

    So how can I make the sharing easy so I can share files using Windows sharing between this computer, because this funktion don't work anymore?


  • LAYER 8 Global Moderator

    homegroup in ms infinite wisdom uses ipv6 to talk to your other machines and has to be on the same layer 2.  But not actually to transfer files - go figure ;)

    I use windows sharing between my machines on different subnets without issue, I just do not use the nonsense that is "homegroups" just use normal sharing - you can then access your other windows machines either via their ipv4 or ipv6 address or their fqdn across subnet without issue, as long as your your firewall rules allow it.

    Homegroup is ms failed attempt at trying to make file sharing simple enough for your typical home user.  Clearly you using pfsense and actually subnetting your network promotes you out of the rank and file of ms target audience for homegroups ;)



  • How do I set the firewall rule for this. I cant ping the other computer from lan1 to lan2 so there something blocking it.



  • ms firewall blocks ping and pretty much everything else from other subnets.



  • I am not using virtual machine. I am using pfsense build router


  • LAYER 8 Global Moderator

    Ok your using pfsense on hardware, where did anyone say anything about virtual?

    What are you rules on your other lans?  So default pfsense lan rule are any any.. So create these same rules on your other subnets.  Can you ping the other machines on your different subnets by IP.  From lan the default rules would allow you to ping stuff on lan2 or 3.

    Again stated multiple times now - windows firewall out of the box is going to block traffic from other networks other than is local.  If you want to share files or ping or anything from a different network to a windows machine you will need to adjust its local firewall.



  • OK, now it works. How can I share folders and files in Windows 10? Windows asking for username and password when adding a ip to a location?


  • LAYER 8 Global Moderator

    Well what is the username and password on that windows 10 machine?

    Common trick for file sharing without AD is to just use common username and password on your machines.  So for example machine 1 has account billy with Password1, machine 2 create a billy account with same Password1… Give this billy on machine 2 the permissions you want for files your going to share with machine 1.  Now machine 1 can access those shares without having to enter a username and password.

    If you need help with windows file sharing your prob better off hitting up a windows forum..



  • This morning when I wake up I tried to ping again and it stopped working. Nothing is changed on computers firewall is off and same ip. What's happening I am going crazy now


  • LAYER 8 Global Moderator

    Why don't we take a step back and document your network and its setup.  And then we can go over the basics..

    What do these 3 lan interfaces plug into.. 3 different switches?  A smart switch with vlans setup for the different networks?  Directly into hosts?

    Your not plugging these 3 interfaces in the same dumb switch are you?

    What are you rules on these 3 lan interfaces in pfsense.



  • Ok I will tell everything from beginning.

    I bought a enterprise motherboard with 4 lans and build a router with it.

    WAN:Connected to my ISP and I use VPN

    LAN1: My computer is connected with cable

    LAN2: Unifi Wifi - alla wireless hardwares is connected.

    LAN3: MediaCenter is connected with cable

    NAT OUTBOUND:

    My goal is that I can ping all computers and start sharing files between computers in my local subnets.

    I hope all this helps.


  • LAYER 8 Global Moderator

    Ok for starters on your lan interface your rules are going to push EVERYTHING out your vpn, so how would you get to your other networks?  If you want lan to to get to your other networks you need to have rules that allow pfsense to use its own route table to get to those other local networks before hitting your rule that pushes it out your vpn gateway.

    Create a rule/rules that allow access to your other local networks and put that above your rule that sends traffic out your vpn gateway.

    You have the exact same problem on your other interfaces.  Firewall rules are evaluated top down as the traffic enters that interface.  Your rules forces everything out your vpn. Those any any rules below them are never going to be used.. So yeah your not going to allow your networks to talk to each other with that current configuration.

    If needed I can post up an example of what I am talking about if that will help.  You also need to make sure your not pulling routes from your vpn connection if you want to do policy based routing.  If not your going to most likely pull default route to go out your vpn.



  • Absolutely, please tell me how to configure all right. I really need this working thx mate.


  • LAYER 8 Global Moderator

    Well 1 simple way to do it in 1 rule would be to create a rfc1918 alias that contains the private network space.  Which would be all your local and future local networks you might use.

    Now these rules allow any traffic that is local ie rfc1918 to just let pfsense use its own rules to route it..  If the traffic is say dest to 8.8.8.8 then it would send it out the vpn..  Because that first rule does match.. The destination is not a rfc1918 address so it goes to the next rule.  Says well yeah dest matches "any" so yup your traffic goes out the vpn..

    You can get more restrictive or creative.  So for example in this example clients on net1 or net2 could ask pfsense for dns..  So they might look up www.domain.tld and get back 1.2.3.4 then traffic going there would go out the vpn.  This might be an issue if your tinfoil hat is worried about dns leakage ;)

    Rules are evaluated top down, first rule to trigger wins.  So think of the traffic you want to allow or block and then look at your rules to see what happens.  In your case no matter what the destination the first rule sends them down your vpn.  So there is no way for that client to talk to other networks tied to pfsense, or go out your normal isp connection.

    So you can get as fancy as you want to what the rules do.  Maybe your first rule allows tcp 445 to IP of host on net2, then everything else goes out vpn. etc. etc..




  • Hi,

    Thx for the reply but I did not understand exactly what you mean. Should i remove any of my rules then add another rule to every sub-net? I dont want anything leaking, all internet connection outside the local networks should go trough the VPN. Can you please explain so I can understand it? I am new to all this.


Log in to reply