Trying to get Samba to Work across VLANs



  • So I am currently working on my internal homelab VLAN configurations for both my internal networking and server configurations. At the moment, I am having a bit of an issue trying to get my Samba filesharing server back off its knees after the transfer to my new VLAN segmented network.

    In the past, I have been able to get my Samba fileshare directories added into my Windows PC fairly easily. Map network drive, add the correct directory structure, done. My shared file server even managed to show up under the network section of file explorer. Everything was awesome and (despite a few Windows hiccups) it worked well.

    Fast forward to my new, segmented network. I can still ping the server, and connect via telnet to 139 and 445. But when I try to re-map my network drives via the standard map network drive function, I get an error of:

    "Windows cannot access \\%IPofServer% Check the spelling of the name. Otherwise there might be a problem with your network."

    So as stated before, I can ping the server, and access the standard ports. In addition, while in testing phase, all my VLAN segments have an allow all protocol to any host/source rule as the only firewall rule utilized.

    Diag I have tried: Disabling UFW on my samba server, disabling my firewall on the PC which I desire access from, double checking my samba config; everything checks out, more or less. (I can post the config if needed).

    Any help would be appreciated here; either paths to take, diag to try, etc.


  • Rebel Alliance Global Moderator

    Does it work when you're on the same segment?

    Sure you're using the correct IP and stuff is shared?

    I access stuff off Windows and Samba shares across segments all the time, as long as the port is open it works. That is all that pfsense has to do with it. If you're showing the port is open and it's not working then it's not pfsense and something on the machines.

    When you segmented your network - pfsense is doing all the routing or do you have a downstream router?



    "Does it work when you're on the same segment?"

    Yeah, it was working perfectly fine when on the same singular network. I was able to connect to the networked drives seamlessly, and was even able to see the server itself in my network view on my Windows PC.

    "Sure you're using the correct IP and stuff is shared?"

    I was using both my DNS address pointing to the proper server IP, as well as the IP address extracted directly from ifconfig on the ssh console. The format I was using to connect was:

    "\\192.168.xx.xx\Shared"

    "If you're showing the port is open and it's not working then it's not pfsense and something on the machines."

    I don't really know what would be different from it being on a separate network segment. I have changed nothing on the server itself to cause it to fail upon being switched to its new VLAN range, and I would assume Windows would be able to see networked services across different segments, assuming all the broadcast traffic can get through which, again, PFSense should be doing being that there is literally an allow all rule on those VLANs atm.

    "When you segmented your network - pfsense is doing all the routing or do you have a downstream router?"

    The only thing I would say that remotely resembles a "downstream router" would be the VMware backend that I am using, and even then, I do believe VMware's port groups function is only a L2 function, and won't screw up with IP information. If I am wrong with this assumption, please let me know and we can drill into my networking config backend for VMware.


  • Rebel Alliance Global Moderator

    So these machines on VM??

    Out of the box, Windows firewall would block access from a remote network.

    It really is drop dead simple. You have something messed up in your VM setting I would guess. Are you tagging this vlan or are you using isolated networking and switching? In esxi on your vswitch to not strip whatever tags you're setting you would set vlan id to 4095.

    I would suggest you draw up your networking and how you have these all attached to your VM..



  • Basically, I have vlan-tagged port groups for each of my servers, then one specific port group for the input of my PFSense server with the 4095 VLAN id set. I did kind of assume this was how it was supposed to go?



  • The networking part sounds properly configured; this must be a Samba configuration issue. Not a topic for this forum, but are you sure you have properly configured the "hosts allow" and "hosts deny" directives? Check the Samba logs for more clues about what might be going on.
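
The `hosts allow` / `hosts deny` check suggested in the last reply, as an added example that is not part of the thread and is not Samba's own code: it reads the two lists from smb.conf text and reports whether a client address would be let in, using the precedence the smb.conf documentation gives (a match in `hosts allow` wins over `hosts deny`). The subnets (192.168.10.0/24 as the old flat LAN, 192.168.20.0/24 as the new client VLAN), the sample config and the function names are constructed for illustration, and only IP-style list entries are modelled.

```python
import ipaddress
import re

# Constructed smb.conf fragment: the allow list still names only the old flat LAN.
SAMPLE_SMB_CONF = """
[global]
   workgroup = WORKGROUP
   hosts allow = 192.168.10. 127.
   hosts deny = ALL
"""

def read_lists(conf_text, section="global"):
    """Return (allow, deny) token lists from one section of smb.conf text."""
    names = {"hostsallow": 0, "allowhosts": 0, "hostsdeny": 1, "denyhosts": 1}
    lists, current = [[], []], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                                  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()      # section header
        elif current == section and "=" in line:
            key, value = line.split("=", 1)
            key = re.sub(r"\s+", "", key).lower()
            if key in names:
                value = value.strip()
                lists[names[key]] = re.split(r"[,\s]+", value) if value else []
    return lists[0], lists[1]

def matches(token, addr):
    """True if one IP-style list entry covers addr (simplified subset)."""
    if token.upper() == "ALL":
        return True
    if token.endswith("."):                           # prefix form such as "192.168.10."
        return str(addr).startswith(token)
    try:                                              # single address, CIDR or addr/netmask
        return addr in ipaddress.ip_network(token, strict=False)
    except ValueError:
        return False                                  # hostnames and netgroups: not modelled

def allowed(allow, deny, client_ip):
    """Apply the allow/deny precedence to one client address."""
    if any(t.upper() == "EXCEPT" for t in allow + deny):
        raise NotImplementedError("EXCEPT clauses are not modelled here")
    addr = ipaddress.ip_address(client_ip)
    in_allow = any(matches(t, addr) for t in allow)
    in_deny = any(matches(t, addr) for t in deny)
    if allow and not deny:
        return in_allow                               # allow list only: everyone else is refused
    return in_allow or not in_deny                    # allow wins; otherwise deny decides

if __name__ == "__main__":
    allow, deny = read_lists(SAMPLE_SMB_CONF)
    for ip in ("192.168.10.25", "192.168.20.25"):
        print(ip, "allowed" if allowed(allow, deny, ip) else "refused")
```

With lists like these the TCP ports still accept connections from the new VLAN, so a ping and a telnet to 139/445 succeed while the session is refused. Samba's `testparm` also accepts a hostname and IP after the config file name and reports the real server's decision for that client.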