Routing Problem

  • Hello everyone,

    I have a routing problem. That should be very simple. But I`m trying days to get this simple problem fixed with no luck.

    I have three machines at my Xencenter

    V-ETH-Interface IP:
    Service Samba running on Ports 137-140

    PFsense FW
    re1/WAN Interface
    V-ETH-Interface IP:

    re0/LAN Interface
    V-ETH-Interface>2< IP:

    Windows 7 Client
    V-ETH-Interface>2< IP:

    I want to connect to the IP Adress to access the windows share that is running on Server1.

    But this does not work. I tried soo many things. Port Forward, 1:1, Outbound(automatic, manual). Firewall Rules from WAN to LAN and LAN to WAN…
    I really dont know how to get this to work. I hope someone can help me out. (I connected the V-ETH-Interface to the Windows 7 to test if Samba works, and it is working, then I disconnected it)

    The Web Interface works @ on the Windows 7 Client.

    Thanks for youre help.

    greetings Nand

  • I cannot see what your setup will be good for. But that is your business.

    The most likely mistake that is made in such setups is to forget to remove the check "Block private networks" on WAN interface tab.
    Your WAN is in a private network. So check this out, please.

  • After you verify you aren't blocking private networks you need to set up port forwards for TCP and UDP for ports 137, 138, 139, and 445. Do not use 1:1 on your WAN IP that is meant to be used with an IP alias. You will also need make rules for all of the forwards on the WAN interface to the internal private IP ( or check the box to do it automatically when you create the port forwards.

    I just reread your original post and it looks like you're doing it backwards. Your LAN and WAN interfaces are switched around. You should be able to connect directly from the windows pc to the server using it's own address with the default LAN to any rule. Is there any particular reason you're doing this? Typically port forwards are to allow external access to internal resources (which you shouldn't do with Windows shares anyway).

Log in to reply