[Closed] NFS Traffic being stymied somehow?
I’ve been banging my head against this problem for about eight hours now and I’m sure one of you guys can knock this out in twenty seconds… I love to learn, but after eight hours of weekend work I’m not getting paid for, I want a “cheat code”!
Here’s the scoop.
We have two sites that we need to pass data between. Simple, huh? We will call them Stinky and Smelly.
Stinky has a Hikvision surveillance system.
Smelly has a Synology NAS.
The surveillance system can send files to the NAS over the network using NFS (or iSCSI, referred to as I-SAN). We are trying to set up Stinky’s surveillance system so that everything it records locally is copied to Smelly’s NAS.
If the surveillance system and the Synology are on the same network, I can set up the NFS connection no problem. I set them both up with a static IP, point the surveillance at the NAS and voila. Life is good, data copies.
Unfortunately, when they are at different sites, no bueno. Here’s the layout:
Stinky has a copper WAN connection with a /29 subnet. We will call it 22.214.171.124/29
.49 is assigned to the pfSense
.50 is a virtual IP that has a NAT to Stinky’s NAS, which is 10.10.100.25
Smelly has a Cable connection with a /29 subnet. 126.96.36.199/29
.89 is assigned to the pfSense
.90 is a virtual IP that NATs to Smelly’s Surveillance at 10.10.100.20 (yeah, I know: we used the same /24 IP scheme at each site. Doh!)
The problem
When I go to create the connection to the drive from Smelly’s Surveillance, I plug in the .90 address and the NFS share. The NVR sees the drive and says it’s uninitialized. I can then select the drive and click “Initialize”, whereupon it will begin to initialize, stop at 20% and then come back with a failed error, nothing more.
Interestingly, I can see that files are moving from Smelly to Stinky. I can create a fresh shared folder on the NAS, connect the surveillance system to it and click init. Between the time I click init and the time it fails, it begins to create the folder structure: it basically creates a file in the root of the folder, then a directory, and puts a few files into the directory.
While troubleshooting, I have created rules to basically allow EVERYTHING between these two WAN subnets… All ports, all protocols. I’m still getting the same results. Of course, I don't want to keep it that way!! Just letting you know.
Bummer is the surveillance vendor had it set up and working between sites prior to our installing the pfSense, and now I’m starting to look like a fool (which I am).
FYI, we have disabled all services on the cable modem – put it in the newfangled “bridge mode” that isn’t really bridge mode that Comcast now uses.
I can visit the public IP of the NVR and the NAS no problem, I can view surveillance remotely, and I can log in to the NAS and manage it no problem.
I’ve started wondering if outbound NAT might be the issue?
Help me Obi-Wan, you’re my only hope.
I ended up abandoning this, changing the IP scheme at one site and then setting up a site-to-site VPN.