Synology DS918+ & Netgate 2100
-
I have a strange problem!!
Let me explain.
I have two LAN SUBNETS
LAN1: 192.168.0.XXX AND
LAN2: 172.16.0.XXXLAN2 is IoT and cannot access LAN1 but LAN1 can access LAN2 (configured in netgate 2100) - This setup works very well.
Now the kicker!
My DS918+ has 2 LAN connection.
LAN1 is connected to 192.168.0.xxx
LAN2 is connected to 172.16.0.YScenario 1
Windows 11 PC connected to LAN1 and smb is visible on the file explorer
(\\{nasname})Scenario 2
Windows 11 PC connected to LAN2 and smb is not visible.
using cmd line ipconig/all shows my PC is connected to LAN 2 172.16.0.xxx
Pinging my nas at 172.16.0.Y fails!
However, I am able to access the GUI using address http://172.16.0.Y:5000/ in the browser!!!!Any suggestions how to troubleshoot?
-
Windows will not discover devices across subnets. The SMB discovery traffic only works within the local subnet.
When you tried the
pingcommand, did you use the hostname of the Windows 11 PC or its IP address? You can't use the hostname without properly configuring a DNS server with the correct entries. You can do this with host overrides in the DNS Resolver. If you used the actual IP address, then make sure your firewall rules are allowingicmptraffic. The three primary protocols aretcp, 'udp, andicmp`. You must make sure your firewall rules allowing communication between your two IP subnets are properly configured to all all necessary protocols.You GUI access using HTTP directly to an IP address will work across subnets.
-
@bmeeks My PC was disconnected to subnet LAN1 and connected to LAN2 (172.16.0.XXX) - Hence my pc and the synology (LAN2) were in the SAME subnet - On identical subnets (LAN2) unable to ping 172.16.0.Y (NAS)
-
@netboy said in Synology DS918+ & Netgate 2100:
@bmeeks My PC was disconnected to subnet LAN1 and connected to LAN2 (172.16.0.XXX) - Hence my pc and the synology (LAN2) were in the SAME subnet - On identical subnets (LAN2) unable to ping 172.16.0.Y (NAS)
If they were in the same subnet, and you tried to ping by IP (and not by name), then one of the two devices either has the wrong netmask setting, or one of them has an active host firewall. Windows is notorious for this.
When two devices are on the same subnet and have the same netmask, the pfSense firewall is 100% out of the picture as traffic will flow only between the two switch ports. I am assuming you have an Ethernet switch or two such as one Ethernet switch for each of your two LANs.
-
What Bill said but to expound a bit Windows defaults networks to Public unless they are marked Private when first connected. Annoyingly they don’t use those words it asks something like “do you want your PC to be discoverable” and if you say no it’s marked public. Which triggers a different set of firewall rules often even with third party a/v.
-
hey there,
remember: in case two device are on the same subnet, pfsense (or any) have nothing to do with any routing (no routing necessary since same subnet).
So I would rather check synology's firewall and windows's defender/firewall...
:) -
@bmeeks said in Synology DS918+ & Netgate 2100:
If they were in the same subnet, and you tried to ping by IP (and not by name), then one of the two devices either has the wrong netmask setting
How to tell...Can you please let me know how to figure out if they have the WRONG netmask?
-
@SteveITS said in Synology DS918+ & Netgate 2100:
What Bill said but to expound a bit Windows defaults networks to Public unless they are marked Private when first connected. Annoyingly they don’t use those words it asks something like “do you want your PC to be discoverable” and if you say no it’s marked public. Which triggers a different set of firewall rules often even with third party a/v.
How to make it private? Can you kindly illustrate to how can I achieve this?
-
@netboy
History
This all started when I tried to connect my sonos (LAN2) to synology which is on LAN2 - I was uaable to ....So it appears like synology is blocking the connection ....Then I tried PC in LAN2 to connect to synology in LAN2 and same thing...unable to connect -
@netboy said in Synology DS918+ & Netgate 2100:
How to tell...Can you please let me know how to figure out if they have the WRONG netmask?
That is networking 101 ...
. Here is a good tutorial from CloudFare: https://www.cloudflare.com/learning/network-layer/what-is-a-subnet/#:~:text=A%20subnet%2C%20or%20subnetwork%2C%20is,routers%20to%20reach%20its%20destination. -
@netboy said in Synology DS918+ & Netgate 2100:
How to make it private?
This wouldn't really have anything to do with accessing your nas from your PC.. But it would have to do with your PC being accessed by other things on your network.. When in public mode, firewall is going to be more restrictive for inbound traffic, etc..
If you can not ping or access your smb shares on your nas - by IP.. And they are on the same network that screams firewall on the nas.. Even more so if you can access dsm via your browser.
Personally I have little use for the "nas" firewall, its on my trusted network.. Pretty much just my PC and the nas on this network - and the management IPs of my switches.. I have the nas firewall turned off.
-
@johnpoz I think you NAILED it - My assumption is if I disable firewall in my NAS this should work - Let me try this and get back
-
@johnpoz It worked!!!! Thanks a ton to ALL for help - Sonos can see my library!!!
-
@netboy Just to be clear, just because I have mine disabled, doesn't mean its a good idea for your network.. You have to make that decision based on your own concerns for the security of your network..
But this shows you for sure it was firewall on your NAS, so depending on your needs/concerns you may want to re-enable it and set appropriate rules for your neeeds.
-
@johnpoz I completely understand....my NAS is on the trusted network (LAN1) and any user on LAN2 has ONLY read priviledges....I do understand
-
@netboy Another question....
When my NAS firewall was ON, how come my kodi which is on LAN2 was able to access my shares in the NAS?
-
@netboy from what you posted you have 2 different Ips on your nas - so depending on what IP you were hitting, and what the firewall was setup to allow, etc.
-
@johnpoz My kod is on LAN2 (172) and my "secondary" LAN in synology has a LAN2 ip address. So both are in the SAME network and naturally my kodi was able to access the shares (firewall was on in synology) but I do not have any special configuration in my nas (allow or block in my synology NAS firewall is not configured). I do have some "applications" like audio, video etc configured on my synology nas that all source IPs can access.
My question is how kodi (with nas firewall ON) can access my shares and not SONOS? btw kodi and sonos are on the same LAN2 subnet.
Obviously synology is blocking but I am unable to figure this out
-
@johnpoz said in Synology DS918+ & Netgate 2100:
This wouldn't really have anything to do with accessing your nas from your PC.. But it would have to do with your PC being accessed by other things on your network.. When in public mode, firewall is going to be more restrictive for inbound traffic, etc..
FWIW I would normally agree but Bitdefender for instance blocks printing to a public network, because otherwise the PC may detect and try to install drivers off an untrusted printer/print server. In any case that wasn’t the issue here.
-
@SteveITS said in Synology DS918+ & Netgate 2100:
Bitdefender
Did I miss where he said he was running bitdefender, and not just default windows firewall?
