Pfsense / Windows 10 Pro / File sharing with Iphone.
-
Ok, here's the deal, I got pfsense up and running. I have added a server to my LAN network, with an external hard drive ( WD MyBook 8T- ExFAT) to act as my NAS. No problem so far. My other computers on the LAN can see the drive, edit, copy, add files. Etc.
But, when I try to connect the FILES app on my iPhone, I can see the drive, connect to it, but it says "READ" at the bottom and I can't see any files or save anything to it.
I've checked, Sharing, Windows Firewall, Permissions, and I'm signing in as Admin with a password.
What am I doing wrong?
-
Your iphone is presumably connecting via WIFI, is the access point also on the LAN subnet?
If so that traffic never goes through pfSense so it would have to be something in the AP or switch maybe.
Steve
-
I have the LAN and WiFi (VLAN) networks segregated by subnet. However, I can ping and connect to my server and the NAS via my iPhone, it's just that I can't do anything anything after I'm connected. I can see the folder but it's "READ ONLY' according to the FILES app. I've gone into permissions on Windows and given "Admin" full control of the drive. Read, Write, Change. nothing works.
-
@mitch-rapp
The "FILES" app is a little ambiguous about the Login credentials.Guest
Registered UserUsername:
Password:I'm assuming it should be filled out thus:
Registered User: Check
Username: Admin (windows account name)
Password: ******** ( Windows User Account password) -
@mitch-rapp Verify the NTFS and Share Permissions allow access. Share permissions filter what NTFS permissions are allowed. Share permissions default to read only.
Such as, Read Only share permissions and Full Control NTFS permissions equals read only. -
@andyrh said in Pfsense / Windows 10 Pro / File sharing with Iphone.:
Such as, Read Only share permissions and Full Control NTFS permissions equals read only.
Ok, thank you. Verifying now. But, I'm a little confused by the last statement. I think what you are saying is if two or more are checked, that equals read only?
Should:
Full Control: = checked
Change: = checked
Read = CheckedOr just
Change = checkedfor my family members. I don't want them to delete anything by accident but I do want them to access the drive.
Also, should the Object type be set to "everyone" or "registered user" or ??
-
@mitch-rapp The best way to secure a share is with NTFS permissions. We allow all three on the share and change the NTFS to control security.
If you want to allow some to do things and deny others you will need more than one account.
Everyone is all 7 billion of us, registered user is limited to the accounts on the Windows system. Full control allows you to change permissions and everything else, Change does not allow you to change permissions, but allows you to read/write/change files.
Perhaps 2 groups, Family_Read and Family_Full, putting the accounts in the groups as needed.
Start with full control, once it is working start reducing the access. -
@andyrh
Hey, wait a second. The file system on the WD Mybook is exFAT, not NTFS. -
@mitch-rapp Sorry, missed that. exFAT has no security, you only have share permissions to work with.
-
@andyrh
All permissions are set. I can see the folders but no content.Could it be a Windows SMB protocol? All that is enabled is SMB direct.
SMB 1.0/CIFS File Sharing Protocol has three choices
Automatic Removal
Client
ServerShould one or all of those be enabled ?
-
@mitch-rapp With exFAT on the back, as long a read is enabled you should be able to see files.
Go with the SMB defaults, those are typically meant to work. I have no experience with a WD MyBook so I cannot advise past the share permissions. -
@mitch-rapp said in Pfsense / Windows 10 Pro / File sharing with Iphone.:
SMB 1.0/CIFS File Sharing Protocol has three choices
SMB 1? That is not secure at all - and has been deprecated many years ago.. MS turned it off by default back in 2017.. It was used in the wannacry ransomware, etc.
You really really shouldn't be using that - smb2 would be min, 3.1.1 is current..
Its quite possible your not seeing anything because your client doesn't support smb v1
-
I finally got it to work. Believe it or not, I experimented quite a bit and finally changed the format from exFAT to NTFS and it started working fine. Goes against everything I read on Google. Who knew you couldn’t trust the internet.
️
