Network discovery not fully working in Windows 7 & 10 after adding second LAN...

Ghost 0 · Dec 19, 2020, 4:28 PM

Hi, All!

I'm relatively new to pfSense. Approximately 6 months ago, I repurposed an old HP workstation (Intel 2 Quad CPU Q8200 @ 2.33GHz 4 CPUs: 1 package(s) x 4 core(s)// 4 GB RAM/ 500MG HD) that was collecting dust in my closet as a new pfSense router for my network. I added a cheap Intel 4-port NIC from Ebay for $15.00. This replaced my TP-Link dual-band router. My Network Topology:

WAN (Comcast, 200 mbps) <----Netgear refurbished cable modem---->HP Workstation w/pfSense: <<-->> Ig0 interface (WAN)
<<-->> Ig1 interface {Trunk#1 (tagged)} = LAN1, ( VLAN10, VLAN20, VLAN30)

Trunk#1 (cat 6)<-----> D-link switch (16- port/Level-2 management):

                               port   9            --- ->{via cat 6}      AP #1 (VLAN10)  
                               port  10            ---->{ via cat 5}      AP #2 (VLAN20)
                               port  11            ---->{ via cat 5}      AP #3 (VLAN30)

Trunk#2 (cat 6) Ig2 interface <---> LAN2 ----->D-link (8-port un-managed switch)

The above, cheap and inexpensive, AP's are strategically placed throughout my relatively big house....This system acts as a cheap homemade mesh system, which works great. And also every room is wired for ethernet reception, which I did myself due to Covid-19 home isolation boredom. Running ethernet wires from the hot attic to walls is no joke.

Less secured devices like IoT are segmented from the LAN. They reside on VLANS only and not allowed to communicate with the LAN. But, devices on the LANs can communicate with VLAN devices (one-way communication only). This works perfectly after adding the RFC1918 option via alias in the firewall. NordVPN works great on all interfaces including VLANS after following the instructions from NordVPN. I had to modify the Windows 7 firewall after a Google search to allow ICMP echo requests and file transfers to other subnets within the network.

My only minor current issue is that auto network discovery doesn't work properly after adding the second LAN with a different subnet. I can only transfer files between subnets only if I use Network drive mapping. I can't see the other networks in windows 7 or windows 10 in file explorer when I click on the network tab...It is no BIG deal for me, but my family wants the regular option activated because they don't want to deal with drive mapping when they want to access files from other subnets. How do I mitigate this minor dilemma? Does anyone know which windows firewall rule controls this function or I'm overlooking something else in pfSense??

Overall, I love pfSense. My network is now fast and stable. I was a bit hesitant initially due to the potential learning curve. But, after lots of YouTube videos and reading posts from this forum and other places, my network now exceeds all expectations. This upgraded network is a result of Covid-19. It would have never happened if didn't have so much time to kill at home due to Covid-19. It is sad to say this is one of the benefits of Covid-19 quarantine.

By the way, your help would be greatly appreciated if the above question is resolved for the sake of my family!

johnpoz · Dec 19, 2020, 4:39 PM

Discovery is not going to work across vlans/network segments. Discovery is L2 only..

BTW that is not some pfsense thing - that is just how discovery protocols work.. They can only discover stuff that is on the same network.. This is done via either broadcast or multicast - which is limited to the L2 they are on..

If your trying to access for example your NAS - just access it via its fqdn --> nas.yourdomain.tld for example.

Ghost 0 · Dec 19, 2020, 5:55 PM

Hello,

I thought I was doing something wrong or overlooking a feature in pfSense. Now, I can put this issue to bed after your reassurance. My family will just have to deal with it... Thanks for the quick reply!

johnpoz · Dec 19, 2020, 6:04 PM

Simple solution for users is to just put a short cut on their desktop that either points to \nas.domain.tld (whatever your local fqdn is for your nas) or \ipaddressofnas

Or just map a drive letter to your shares..

This works out better normally because its less clicks ;)

Make it pretty for them - put a fancy icon on it if you want.. You can change the name to something like Files ,or Your Stuff or Movies, or whatever, etc..

Ghost 0 · Dec 19, 2020, 7:12 PM

Hello, Again!

You will not believe what happened? After I created the shortcut for the shared folders to the desktop per your suggestion, I can now see the other network tab (LAN2) in file explorer in windows 7 when I click the desktop shortcut, which I couldn't do before. Now I can see all available shared files even the ones not included in the shortcut. This is a great workaround. I will test it later on the windows 10 workstation. It should work, but you never know... My network (pfSense ) is now fait accompli. Thanks for your help!

johnpoz · Dec 19, 2020, 7:28 PM

Yeah shortcut to the root of the nas will show you all the shares. While a drive mapping has to really go to a specific share..

You can get specific with your shortcut if you want them going direct to a specific share..