    Windows Share problem

    • K
      krisken last edited by

      Dear,

      I have a dual wan setup at home with a lot of interfaces/ip ranges:

      • 10.0.0.1/24 for pfsense, switch, voip ata's, LAN disks, computers connected to LAN, …
      • 10.101.0.1/24 (vlan) for private wifi usage (all wireless devices from myself and my girlfriend such as laptop, netbook, phone, tablet, ...)
      • 10.102.0.1/24 (vlan) for trusted wifi usage (wireless devices from friends and neighbours)
      • 10.103.0.1/24 (vlan) for public wifi usage (wireless devices from people I don't know, but who just want to surf the internet)

      All wireless connections go through the Meraki AP (Meraki MR12), which supports the VLANs.  All internet connections work perfectly, including landing pages, IP ranges, etc.  Also email, MSN, FTP, SSH, ... work great!

      One of my LAN disks has IP 10.0.0.31.  When my netbook is connected to the switch (and gets a 10.0.0.31/24 IP), I can access it perfectly.  But when connected to wifi-private I can't access the Windows share (\\10.0.0.31).  Only the webserver (http://10.0.0.31) works.

      Can someone please help me with this issue?

      • M
        Metu69salemi last edited by

        What firewall rules and what outbound NAT rules do you have concerning this setup?

        • K
          krisken last edited by

          Dear Metu69salemi,

          I've made some screenshots for you so you can get a clear view of the setup.
          There can be some mistakes because I've tried to fix it using trial and error :)

          Dashboard : http://kris.derocker.name/pfsense/windowsshare/dashboard.jpg
          Outbound NAT : http://kris.derocker.name/pfsense/windowsshare/firewall-nat-outbound.jpg
          Firewall rules LAN : http://kris.derocker.name/pfsense/windowsshare/firewall-rules-lan.jpg
          Firewall rules WIFIPRIVATE : http://kris.derocker.name/pfsense/windowsshare/firewall-rules-wifiprivate.jpg

          • M
            Metu69salemi last edited by

            You may need a new rule on manual outbound NAT, as follows:
            from privatewifi to LAN, check the box DO NOT NAT

            • K
              krisken last edited by

              I've tried these settings without effect…

              WIFIPRIVATE  10.0.0.0/24 * * * * * NO
              LAN  10.101.0.0/24 * * * * * NO
              WIFIPRIVATE  10.101.0.0/24 * 10.0.0.0/24 * * * NO
              LAN  10.0.0.0/24 * 10.101.0.0/24 * * * NO

              LAN = 10.0.0.1/24 range
              WIFIPRIVATE = 10.101.0.1/24 range

              • M
                Metu69salemi last edited by

                Did you change the order so that the more specific rule is uppermost?

                • C
                  cmb last edited by

                  I don't see any reason you need manual outbound NAT; better to use automatic. It won't NAT between internal subnets, which is what is breaking your Windows share.

                  • M
                    Metu69salemi last edited by

                    OK, thanks for the info, it was new to me also.

                    • K
                      krisken last edited by

                      I use manual NAT because I also route some IP blocks (external IPs)

                      • C
                        cmb last edited by

                        @krisken:

                        I use manual NAT because I also route some IP blocks (external IPs)

                        Ok, in that case just make sure you don't have outbound NAT rules matching traffic between internal networks.

                        • K
                          krisken last edited by

                          Dear,

                          I don't think I have… do I?

                          • C
                            cmb last edited by

                            Too many interfaces there in outbound NAT and not enough context to tell. Run a constant ping to the NAS, and check Diagnostics>States. Should just show two IPs there, not a third in the middle where it's translating it. If that's good, then your problem is almost certainly that the NAS is set up to not serve Windows shares to off-subnet hosts. For instance, Samba has a config option that lets you restrict what IP subnets it will serve; if it's a Windows host, the default Windows firewall settings commonly block all off-subnet file access.

                            • K
                              krisken last edited by

                              This is what I get with ping:

                              icmp 10.0.0.31:768 <- 10.101.0.2 0:0
                              icmp 10.101.0.2:768 -> 10.0.0.31 0:0

                              10.0.0.31 = NAS
                              10.101.0.2 = laptop using wireless

                              • C
                                cmb last edited by

                                Then you aren't NATing, so that much is good. Problem is on the server then, what I noted in my last post.

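The state-table check cmb describes above, automated as an added example that is not part of the original thread or of pfSense: it flags states between two internal subnets that carry a third, translated address. The subnets and the first two state lines come from the thread; the other two lines and the three-address layout of a translated state are constructed assumptions.

```python
import ipaddress
import re

# Internal networks named in the thread: LAN plus the three Wi-Fi VLANs.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/24", "10.101.0.0/24", "10.102.0.0/24", "10.103.0.0/24")]

# An endpoint field is an IPv4 address with an optional :port or :icmp-id.
ENDPOINT = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?")

def parse_state(line):
    """Split one state line into (protocol, [addresses in display order])."""
    fields = line.split()
    addrs = []
    for field in fields[1:]:
        m = ENDPOINT.fullmatch(field)
        if m:
            addrs.append(ipaddress.ip_address(m.group(1)))
    return fields[0], addrs

def is_internal(addr):
    return any(addr in net for net in INTERNAL)

def nat_between_internal(line):
    """True if a state between two internal hosts shows a translated address.

    Assumption: a translated state lists a third address between the two
    endpoints, which is the layout cmb describes for Diagnostics > States.
    """
    _, addrs = parse_state(line)
    return len(addrs) >= 3 and is_internal(addrs[0]) and is_internal(addrs[-1])

def audit(lines):
    """Return the state lines where internal-to-internal traffic is NATed."""
    return [l for l in lines if l.strip() and nat_between_internal(l)]

STATES = [
    # The two lines krisken posted: two addresses each, so no translation.
    "icmp 10.0.0.31:768 <- 10.101.0.2 0:0",
    "icmp 10.101.0.2:768 -> 10.0.0.31 0:0",
    # Constructed: SMB from Wi-Fi to the NAS rewritten to the LAN address.
    "tcp 10.101.0.2:49152 -> 10.0.0.1:61234 -> 10.0.0.31:445 ESTABLISHED:ESTABLISHED",
    # Constructed: ordinary NAT towards the internet, which is expected.
    "tcp 10.101.0.2:49153 -> 203.0.113.10:50001 -> 198.51.100.7:443 ESTABLISHED:ESTABLISHED",
]

if __name__ == "__main__":
    for line in audit(STATES):
        print("NAT between internal subnets:", line)
```

An empty result for the internal subnets means the firewall is passing the traffic untranslated, which points the investigation at the file server's own access restrictions.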
                                • K
                                  krisken last edited by

                                  cmb,

                                  Thanks for your support, time and answers!
