Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    No access to SQLServer and MS Shared Folder

    Scheduled Pinned Locked Moved Firewalling
    9 Posts 5 Posters 1.0k Views 4 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D Offline
      darkcorner
      last edited by darkcorner

      All my tests on pfSense were needed to be able to replace a firewall with pfSense.

      This is the scenario:
      in LAN

      • 4 PCs with IP 192.168.101.101/2/3/4

      in DMZ

      • 1 Windows Server with SQLServer with IP 192.168.102.11
      • 1 Debian server with a shared folder in SMB/CIFS with IP 192.168.102.12
      • 1 Win10 PC with a shared folder with IP 192.168.102.13

      The 4 PCs are able to access the two shared folders and launch the programs that use SQLServer

      So, I change the old firewall with pfSense
      in LAN there are two rules
      *From=LAN Net, Ports=Those-for-Shared-Folder, to=DMZ Net
      *From=LAN Net, Ports=Those-for-SQLServer, to=DMZ Net

      Now the PCs see the shared folder on Debian, but they don't see the one on the Win 10 PC and neither SQLServer.

      Maybe on the old firewall there are other ports and therefore I insert on pfSense, first of all the rules

      • From=LAN Net, Ports=Any ,to=Any

      Same situation: access only to the shared folder on Debian.

      I turn off pfSense, turn on the old firewall and everything works again.

      I lost all Sunday doing all the tests I could and looking at all the logs, but I couldn't figure out where I'm wrong.

      It would be enough for me to understand now what test I can do now to find the error.

      KOMK GertjanG 2 Replies Last reply Reply Quote 0
      • KOMK Offline
        KOM @darkcorner
        last edited by

        @darkcorner Windows Firewall perhaps? Did you try turning it off on the Windows server and WIn10 box just to check? Any time traffic appears to be blocked, check the pfSense Firewall log. If nothing is being blocked, use Packet Capture to see that the traffic is entering the LAN interface and exiting the DMZ interface.

        D 1 Reply Last reply Reply Quote 0
        • D Offline
          darkcorner @KOM
          last edited by

          @kom said in No access to SQLServer and MS Shared Folder:

          @darkcorner Windows Firewall perhaps? Did you try turning it off on the Windows server and WIn10 box just to check? Any time traffic appears to be blocked, check the pfSense Firewall log. If nothing is being blocked, use Packet Capture to see that the traffic is entering the LAN interface and exiting the DMZ interface.

          I thought so too, but it can't be the windows firewall because it would also block traffic with the old firewall.
          Unless pfSense needs some other configuration, but it would seem strange to me.

          1 Reply Last reply Reply Quote 0
          • GertjanG Offline
            Gertjan @darkcorner
            last edited by

            @darkcorner said in No access to SQLServer and MS Shared Folder:

            From=LAN Net, Ports=Any ,to=Any

            Like :

            6e2faf08-a44f-405b-b309-85164256c825-image.png

            this rules passes everything to everything.

            Run the packet capturing on LAN to see your 'SQL server ' and 'file system' packets.
            Do the same test on DMZ : you should see them also on that network.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            1 Reply Last reply Reply Quote 0
            • D Offline
              darkcorner
              last edited by

              This afternoon I did some other tests, tomorrow I will do some more complete ones.
              At the moment the situation has not changed.
              The 4 PCs of users all see the NAS with the shared folders in Samba, so the Any to Any rule works, of course.
              But they do not see the shared folders of the Windows PC and there is no reason why they do not see them since they are the same PCs and the same server that instead work with IPFire.
              It is as if IPFire allows something more than pfSense, or vice versa.
              Or there is some mistake of mine that I can't see.

              A 1 Reply Last reply Reply Quote 0
              • A Offline
                akuma1x @darkcorner
                last edited by akuma1x

                @darkcorner On your 2 LAN networks (LAN and DMZ), what are your subnet mask sizes set to? They should be a /24 size network. And, also verify on your hosts (the servers on the DMZ and the PCs on the LAN network), that their subnet masks are correct. Everything should be set to size /24.

                Do all of the machines also show the correct gateway? That matters too.

                1 Reply Last reply Reply Quote 0
                • D Offline
                  darkcorner
                  last edited by darkcorner

                  This afternoon, doing all the possible tests, I discovered that the problem is not in pfSense, but it was in PCWin 10 which was configured as a public network.
                  Changed as a private network, the folders are finally shared by the PCs on the LAN.

                  But I don't understand why with the other firewall (IpFire) everything works without changing the folder sharing settings on this PC.

                  Thank you all for your interest and your suggestions.

                  johnpozJ 1 Reply Last reply Reply Quote 0
                  • johnpozJ Offline
                    johnpoz LAYER 8 Global Moderator @darkcorner
                    last edited by johnpoz

                    @darkcorner said in No access to SQLServer and MS Shared Folder:

                    But I don't understand why with the other firewall (IpFire) everything works without changing the folder sharing settings on this PC.

                    When you changed the gateway of your PC - ie exchanged your ipfire for pfsense, its quite possible it changed to public policy vs private policy.. Even if the IP of the address of the gateway was the same, the mac address would of changed - and this could trigger the PC firewall to flip its policy..

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 25.07.1 | Lab VMs 2.8, 25.07.1

                    D 1 Reply Last reply Reply Quote 1
                    • D Offline
                      darkcorner @johnpoz
                      last edited by

                      @johnpoz said in No access to SQLServer and MS Shared Folder:

                      When you changed the gateway of your PC - ie exchanged your ipfire for pfsense, its quite possible it changed to public policy vs private policy.. Even if the IP of the address of the gateway was the same, the mac address would of changed - and this could trigger the PC firewall to flip its policy..

                      Yours is an interesting opinion to be held in high regard in the future.
                      Thank you.

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.