Can't access CIFS/SMB on different network. Correct firewall rules?



  • Well, I moved my ESXi machine into the closet and connected it to pfSense OPT1, which is on a different subnet. I just created a rule to pretty much allow everything between OPT1 and my LAN, and that is working.
    I can ping between subnets.
    I can connect to my ESXi machine with vSphere Client tools.
    I can transfer data and access the internet.

    However, I can't access some services on the ESXi subnet from the LAN.
    (Those services are CIFS/SMB shares from FreeNAS.)

    Any idea what is going on here? I should be able to access everything from one subnet to the other with the proper "Allow anything through" rule, right? Maybe my firewall rules are incorrect?


  • Rebel Alliance Developer Netgate

    Are you trying to access by IP address or by name?

    Have you tried any packet captures to see what is happening?

    I don't use FreeNAS but I know Samba likes to lock things down by subnet itself, you may also need to setup some kind of access on the NAS box itself.



  • To access by name you must set an override in pfSense for DNS to work. It should always be accessible via IP.

    Since everything but SMB access works, try specifically allowing the SMB ports (137-139, 445, all TCP). You might also want to check FreeNAS's firewall. I have it enabled, but even if I do a block/deny for all but specific subnets, everyone can still ping it but can't do anything else (there is no ping rule), so try accessing its web interface. It took some work to get the FreeNAS firewall working almost exactly the way I wanted.
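    The quickest way to tell a pfSense rule problem from a NAS-side block is to probe the SMB TCP ports from a LAN host and look at how the connection fails, not just that it fails. The script below is an added example written for this thread; it is not code from the original posts, pfSense or FreeNAS. It probes TCP 445 (direct-hosted SMB) and TCP 139 (NetBIOS session); ports 137 and 138 are UDP NetBIOS name/datagram services, so a TCP probe of them says nothing. A completed handshake means the port is reachable across the subnets and the problem lies elsewhere (name resolution, authentication). An immediate refusal (RST) means packets cross pfSense and the NAS itself is rejecting or not listening, so look at Samba's hosts allow / interface binding or the FreeNAS firewall. A timeout means something drops the traffic in transit, so check the pfSense rules and take a packet capture on OPT1 and LAN. The self-check at the bottom uses a constructed loopback listener and a deliberately closed loopback port; the NAS address 192.168.2.10 is a hypothetical placeholder.

```python
"""Probe CIFS/SMB reachability across pfSense subnets (added example, not from the thread)."""
import socket
import socketserver
import threading

# TCP ports SMB actually uses: 445 (direct-hosted SMB) and 139 (NetBIOS session).
# NetBIOS name/datagram service (137/138) are UDP and are not probed here.
SMB_TCP_PORTS = (445, 139)


def probe_tcp(host: str, port: int, timeout: float = 2.0) -> str:
    """Classify a TCP connect attempt to host:port.

    'open'        handshake completed: the SMB port is reachable through pfSense
    'refused'     an RST came back: traffic crosses the firewall, so the NAS is
                  not listening on that port or rejects this client subnet
    'filtered'    no reply before the timeout: dropped in transit (pfSense rule,
                  NAS firewall set to drop, or a routing/return-path problem)
    'unreachable' the local stack could not route to the host at all
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError:
        return "unreachable"


def probe_smb(host: str, ports=SMB_TCP_PORTS, timeout: float = 2.0) -> dict:
    """Probe each SMB TCP port and return {port: status}."""
    return {port: probe_tcp(host, port, timeout) for port in ports}


def diagnose(results: dict) -> str:
    """Turn per-port results into the next thing to check."""
    statuses = set(results.values())
    if "open" in statuses:
        return "smb-reachable"        # shares fail for another reason (names, auth)
    if statuses == {"refused"}:
        return "check-nas-side"       # packets arrive; Samba hosts allow / NAS firewall
    if "filtered" in statuses:
        return "check-pfsense-rules"  # dropped in transit; capture on OPT1 and LAN
    return "check-routing"


class _DrainHandler(socketserver.BaseRequestHandler):
    """Constructed stand-in for a listening SMB port: accept, read once, close."""

    def handle(self):
        self.request.recv(1)


def start_local_listener(host: str = "127.0.0.1") -> tuple:
    """Start a throwaway loopback listener; returns (server, port)."""
    server = socketserver.TCPServer((host, 0), _DrainHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def reserve_closed_port(host: str = "127.0.0.1") -> int:
    """Return a loopback port with nothing listening (bound, then released)."""
    with socket.socket() as s:
        s.bind((host, 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    # Self-check against constructed loopback ports: one open, one closed.
    server, open_port = start_local_listener()
    closed_port = reserve_closed_port()
    local = probe_smb("127.0.0.1", ports=(open_port, closed_port), timeout=1.0)
    print("loopback:", local, "->", diagnose(local))
    server.shutdown()
    server.server_close()

    # Hypothetical FreeNAS address on the OPT1 subnet; change it to your own.
    NAS = "192.168.2.10"
    real = probe_smb(NAS)
    print(NAS, real, "->", diagnose(real))
```

    Run it from a LAN host, then from a host on OPT1 itself: if the NAS answers "open" from its own subnet but "refused" from the LAN, the restriction is on the NAS (Samba or the FreeNAS firewall), not in pfSense; "filtered" from the LAN only points back at the pfSense rules or the NAS's default gateway.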



  • The easiest way I have found to solve this problem is to use Active Directory Sites and Services. Everything works fine then.

