PfSense and connecting by Samba netbios names



  • Hello,

    Recently I configured my first pfSense setup but I have encountered a strange issue. I bridged 3 LAN interfaces (PC, Server, Access Point), allowed traffic to flow between them in firewall rules, so far so good. I can ping any host and connect to Samba shares via \\IP, hosts are also discovered in network places without problems, and here the strange part begins. I can't use the netbios name, double clicking on any discovered machine results in an error. I understand that this is a bad practice and it's always better to map all the shares by their IPs, but some of the software that I use over VPN (I still have to set it up) relies on the netbios names and I can't change that. I'm a pfSense noob, so forgive me if this is a stupid question.



  • "Netbios" can only work on the same network segment.
    To put it simply: it will not hop through routers or firewalls to other networks. Netbios is a very old concept which didn't scale up to newer network structures.



  • Yeah, but I wasn't asking what netbios is and how it works, I asked what to do to make it work as usual. If the interfaces are bridged, there shouldn't be any problem with netbios and broadcast traffic since it works just as a regular unmanaged switch, I guess. The strange thing is that I'm able to reach the netbios name of the server and bridged VPN clients from the WLAN interface, but not from the LAN interface.

                        VPN
                         |
                         |
                         |
    LAN ------ PFSENSE BOX ------- WLAN
                         |
                         |
                         |
                      SERVER

    I'm able to connect directly from the 'network neighbourhood' to the machines on the SERVER and VPN interfaces when using WLAN, however it doesn't work from LAN interface. Here's my setup, pretty minimal but time for tweaking will come after I finish with this frustrating issue.

    Am I doing something wrong? There seems to be a problem with the LAN interface (wired network) only - the one with DHCP server and IP assigned.
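Added example, not part of the thread: a minimal NetBIOS name-service broadcast query (UDP 137, name encoding per RFC 1001/1002) in Python, which can be run from a host on each bridged segment to check whether a name query gets an answer there. The name `FILESRV`, the address `192.0.2.10` and the sample response are constructed placeholders, and `query()` takes the segment's broadcast address as an argument.

```python
import socket
import struct

NB_TYPE, IN_CLASS = 0x0020, 0x0001
FLAGS_BCAST_QUERY = 0x0110  # RD + B (broadcast) bits, opcode 0 = query

def encode_name(name, suffix=0x20):
    """15 space-padded chars + suffix byte, each byte sent as two letters A..P."""
    raw = name.upper().encode("ascii")[:15].ljust(15, b" ") + bytes([suffix])
    return bytes(b for c in raw for b in (0x41 + (c >> 4), 0x41 + (c & 0x0F)))

def decode_name(enc):
    """Reverse of encode_name for a 32-byte encoded name: (name, suffix byte)."""
    raw = bytes((((enc[i] - 0x41) & 0x0F) << 4) | ((enc[i + 1] - 0x41) & 0x0F)
                for i in range(0, 32, 2))
    return raw[:15].decode("ascii", errors="replace").rstrip(), raw[15]

def build_query(name, txid=0x1234, suffix=0x20):
    header = struct.pack(">HHHHHH", txid, FLAGS_BCAST_QUERY, 1, 0, 0, 0)
    question = b"\x20" + encode_name(name, suffix) + b"\x00"
    return header + question + struct.pack(">HH", NB_TYPE, IN_CLASS)

def parse_response(pkt):
    """Return (txid, name, [ipv4, ...]) for a positive response, else None.
    Assumes the answer name is sent uncompressed."""
    if len(pkt) < 56:
        return None
    txid, flags, _qd, an = struct.unpack(">HHHH", pkt[:8])
    if not flags & 0x8000 or flags & 0x000F or an < 1:
        return None  # not a response, error RCODE, or no answer record
    name, _suffix = decode_name(pkt[13:45])
    rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", pkt[46:56])
    if rtype != NB_TYPE:
        return None
    # RDATA is a list of 6-byte entries: 2 bytes NB flags + 4 bytes IPv4 address
    end = min(56 + rdlen, len(pkt))
    addrs = [socket.inet_ntoa(pkt[i + 2:i + 6]) for i in range(56, end - 5, 6)]
    return txid, name, addrs

def query(name, bcast, timeout=2.0):
    """Broadcast one query on UDP 137 and return the first parsed answer, if any."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        s.settimeout(timeout)
        s.sendto(build_query(name), (bcast, 137))
        try:
            return parse_response(s.recvfrom(1024)[0])
        except socket.timeout:
            return None

# Constructed sample answer (not captured traffic): FILESRV at 192.0.2.10
SAMPLE_RESPONSE = (struct.pack(">HHHHHH", 0x1234, 0x8500, 0, 1, 0, 0)
                   + b"\x20" + encode_name("FILESRV") + b"\x00"
                   + struct.pack(">HHIH", NB_TYPE, IN_CLASS, 300, 6)
                   + b"\x00\x00" + socket.inet_aton("192.0.2.10"))
```

A `None` from `query()` on one segment and an answer on another, for the same name, points at broadcasts not crossing between those bridge members rather than at the Samba host itself.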



  • pfSense is a firewall, not a switch. Why do people persist in bridging interfaces when they should've just bought a 5-port switch? Bridging interfaces like this is not in the intended design and (unless I'm mistaken) not supported.



  • If the interfaces in the bridge have different networks (IP addresses) then the bridge has probably no effect. Bridges work at layer 1 and 2, not 3, see https://en.wikipedia.org/wiki/Bridging_(networking). So your traffic still needs to be routed between different networks.



  • @moikerz:

    pfSense is a firewall, not a switch. Why do people persist in bridging interfaces when they should've just bought a 5-port switch? Bridging interfaces like this is not in the intended design and (unless I'm mistaken) not supported.

    Gosh, I know. I have a switch which is connected to the LAN interface. Did I ever mention that I want pfSense to be a switch itself? Server and Access Point are connected to separate interfaces and somehow I'm able to use netbios names between them without problems, even the bridged VPN interface allows access to the server by its netbios name, so bridging clearly works as intended. The only problem is on the LAN interface with the unmanaged switch. Do you suggest that the AP should be connected to the switch on the LAN port so I could just bridge VPN and LAN together? I know that, I don't have available ports at the moment. But that's really not the issue here, that's just better practice and I will do that after buying the switch with more ports. All I want to do now is to allow netbios name access from my wired LAN devices. If it works between WLAN, VPN and SERVER interfaces, I have no idea why it wouldn't work from LAN.

    @Grimson:

    If the interfaces in the bridge have different networks (IP addresses) then the bridge has probably no effect. Bridges work at layer 1 and 2, not 3, see https://en.wikipedia.org/wiki/Bridging_(networking). So your traffic still needs to be routed between different networks.

    I see the pattern here, I haven't set up IPs for the other interfaces except LAN and they work correctly. Tomorrow I'll buy a better switch to handle all my internal network (with wireless AP) and try to bridge tap VPN with it. I'm a bit confused since I have no idea if I should assign a separate IP for the virtual TAP interface and route the traffic. It's a VPN bridge, it works within the same subnet, why wouldn't it work when simply bridged with LAN?



  • @Unpleasant:

    I see the pattern here, I haven't set up IPs for the other interfaces except LAN and they work correctly.

    Well it's much easier to help people if they don't mask the important data in the screenshots. Good luck with the switch, when it comes to performance it's always the better choice.