SMB issues port stuck open? Wifi router set in bridge mode and SMB still working over firewall
-
Hello fellow Netgate community, can you please help?
I just did some testing and installed Samba on a Raspberry Pi to act as a file server for my Android phone, iPhone while on Wi-Fi, and other systems in the home network. I created the share with URL-based access, so SMB://192.168.1.3 in the web browsers. I can connect any system to my file share. It is amazing, but wait, I never opened up ports 445 and 139 on the firewall for LAN communications. How is traffic being routed over SMB without opening the ports on the firewall? My WiFi unit is in bridge mode. I see the NetBIOS being blocked when I transfer files to the file server, but it just keeps on working. Is pfSense really blocking Server Message Block by default? Is this an extension of EternalBlue issues with SMB being open?
(Image: URL access of SMB unseen by pfSense)
(Image: Showing current firewall rules connection with SMB://192.168.1.3 and information on connection)
(Image: SMB port Access provided)
-
@jonathanlee pfsense has zero to do with stuff talking to each other on the same network.
Your 192.168.1.5 talking to 192.168.1.3 has zero to do with pfsense.. You could create as many rules as you want.. Devices on the same network, don't route traffic through a gateway.. A gateway is used to get off a network, not talk to stuff on the same network.
the NetBIOS being blocked when I transfer files to the file server
No you wouldn't, you're prob seeing broadcast traffic clients send out looking for other SMB clients, announcing themselves, etc. etc..
When client 192.168.1.x/24 wants to talk to 192.168.1.y/24 - first thing it sees via the mask and the address, oh that is on my network. It will arp, if the 1.y answers with its mac, then it will send traffic to that IP via its mac address. Nothing to do with pfsense.
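The forwarding decision described above, as an added example that is not part of the original thread: it classifies IPv4 destinations the way a LAN client does and reports whether the firewall's LAN interface ever receives the frame. The client address and /24 mask come from the thread; the function names, the sample flows and the 203.0.113.10 address are constructed for illustration.

```python
import ipaddress

def delivery_path(client_if: str, dst: str) -> str:
    """How a client configured as `client_if` (address/mask) delivers to `dst`.

    local     - never leaves the host (loopback or the client's own address)
    broadcast - sent to every host on the segment
    on-link   - client ARPs for dst and sends straight to its MAC
    gateway   - client sends the frame to its default gateway's MAC
    """
    iface = ipaddress.ip_interface(client_if)
    target = ipaddress.ip_address(dst)
    if target.is_multicast:
        raise ValueError("multicast is not modelled in this example")
    if target.is_loopback or target == iface.ip:
        return "local"
    if target in (iface.network.broadcast_address,
                  ipaddress.ip_address("255.255.255.255")):
        return "broadcast"
    if target in iface.network:
        return "on-link"
    return "gateway"

def firewall_sees(path: str) -> bool:
    # Only frames addressed to the gateway, or flooded to the whole segment,
    # reach the firewall's LAN interface and can be matched (and logged) there.
    return path in ("broadcast", "gateway")

# Constructed sample flows from the client 192.168.1.5/24.
FLOWS = [
    ("192.168.1.3", "tcp/445"),    # SMB to the Raspberry Pi share
    ("192.168.1.255", "udp/138"),  # NetBIOS datagram broadcast
    ("203.0.113.10", "tcp/443"),   # off-subnet host (documentation address)
    ("127.0.0.1", "tcp/445"),      # loopback
]

def classify(client_if: str, flows):
    """Return (dst, port, path, seen_by_firewall) for each flow."""
    rows = []
    for dst, port in flows:
        path = delivery_path(client_if, dst)
        rows.append((dst, port, path, firewall_sees(path)))
    return rows

if __name__ == "__main__":
    for dst, port, path, seen in classify("192.168.1.5/24", FLOWS):
        print(f"{dst:<15} {port:<8} {path:<10} firewall sees it: {seen}")
```

The unicast SMB session is on-link and bypasses the firewall, while the NetBIOS broadcast is the only part of the exchange that can appear in its filter log. Filtering traffic between two hosts requires putting them on separate networks or VLANs so that it is routed through the firewall.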
-
@johnpoz Thanks for the reply.
I really like having a Raspberry Pi as a mini NAS for our home network. I also started to notice the local loopback 127.0.0.1 having SMB connections out to the WAN of all things. Is that something to be alarmed about? I set the DNS to use the remote and it stopped all the 445 connections inside of the loopback to WAN.
-
Who needs a NAS when you have a Raspberry Pi :)
-
@jonathanlee said in SMB issues port stuck open? Wifi router set in bridge mode and SMB still working over firewall:
I also started to notice the local loopback 127.0.0.1 having SMB connections out to the WAN of all things.
Huh? Not possible, 127.0.0.1 can not go anywhere, it's the local host..
Where do you think you're seeing that?
lo that you're showing with that address is the loopback interface, and yes its IP address is 127.0.0.1.. But that IP can not go anywhere.. Other than itself.
-
In logs, it was showing the source as the loopback with a destination as SMB with the WAN side. Weird. It is gone now. Looked like a tunnel.
-
@jonathanlee what logs? Did you mean states?
Something like this
The 64.53.x.x is my external WAN IP. It shows an outbound DNS connection, and while it shows the 127.0.0.1, this is natted to the pfSense WAN IP.
-
@johnpoz yes, it was states and/or in logs it showed natted SMB ports to the loopback. Ports with the loopback just like this image you have with DNS port 53. It's gone now. I deleted my logs after a reset and it is gone now. It was about 3-5 items of them, port 445.
-
@jonathanlee pfSense would not be creating connections to SMB, unless you installed Samba on pfSense? Horrible idea btw.
You sure they were not to 443?
Were you doing something with NAT reflection?
-
@johnpoz thanks for the reply. No, I have a Raspberry Pi running as a NAS separate from the firewall on our LAN. I am also running development mode. There are only pfSense firewall packages on the Netgate. Yes, I was sure I saw 445 natted; it is gone now. I will check again and get a screenshot of it. I set the DNS back to local 127 loopback first.