Lan Wifi Bridge Initial Protection? (NEWB help)
-
@johnpoz. To define PITA:
With 'IPv4 TCP 445' 'pass all' '445 (MS DS)' on both LAN and WIFI I can PING across the segment fine.
Accessing a Windows share from Linux, Mac, Android works as before -> but I do not care about accessing a Windows share.Accessing a SMB share on my unraid NAS does NOT work. I can ping the IP, but any access attempt returns a Connection Time Out / Unable to Connect to the Server. Also, these SMB shares do not show up in the network browse.
-
Accessing a SMB share on my unraid NAS does NOT work. I can ping the IP, but any access attempt returns a Connection Time Out / Unable to Connect to the Server. Also, these SMB shares do not show up in the network browse.
Your nas device may have some time of network ACL you may need to configure.
Just a guess on my part. -
1 - Skipping the bridge as it appears some aversion to this exists (still researching why).
2 - Done messing with the segmented network, over 18 hours in tinkering and no joy on proper SMB/Network browsing across different base operating systems.
3 - Using a very cheap Wifi router with DD-WRT installed as per Derelict (thanks) - appears to work GREAT.I have a e4200 on the way along with some heatsinks and external antenna kit (6 High Gain Antennas [2x2dBi, 2x6dBi, 2x9dBi] and 6 U.Fl cables, 3 of them RG178 clip on with IPX connectors and 3 RG316 no connectors for soldering) to replace the $20 low range el cheapo special.
Thanks for all the help/advice/opinions.
-
1 - Skipping the bridge as it appears some aversion to this exists (still researching why).
For what it's worth, my aversions on the subject of bridging:
Bridging two ethernet router ports because someone is too damn cheap to buy a switch. You'd be surprised how often this brain damage comes up.
Also, for what it's worth, my aversions to built-in Wi-Fi cards:The support is getting better but is still YEARS behind what you get with something like a Ubiquiti and it will never compare with Ruckus/Aruba and, I guess, Aerohive/Cisco, etc.
Why wrestle with spotty support when you can just plug in an AP and be done? Any decent wireless router from a big-box store will make a better AP than a wi-fi card.
That, and you can't put the wi-fi and wired clients on the same subnet without a bridge… :)
-
Bridging: I have a SG100-16 unmanaged switch, populated with 6a cable, having long ago dismissed the desire for the router to pull switch duty too. Coming from the world of prosumer Routers with Lan and Wifi integrated into a single box, I ASSUMED the $75 add-on would not cause many issues.
Aversion: This I did NOT know and is a SOUND reason to avoid. You have also brought up a few companies I have never looked into - they appear to have VERY nice WLAN APs! If my Antenna/Heatsink/DD-WRT modded e4200 does not pass muster, I will likely check out the Ubiquiti AP.
Rather than waste the internal WLAN, I am setting up a guest network that only has access to the WAN. I will also put the few less secure devices onto this (Sony Blu-Ray/Netflix terminal).
Thanks again for the help EVERYONE :)
-
"Accessing a SMB share on my unraid NAS does NOT work. I can ping the IP, but any access attempt returns a Connection Time Out / Unable to Connect to the Server. Also, these SMB shares do not show up in the network browse."
Who gives a shit about network browse?? Come on really you don't know the name of your server? But if you want that to work then you have to have browse masters on both segments or use wins, etc.
Here is my ubuntu box run samba, can access it just fine from my dmz segment.. I had a windows 7 vm handy.. But this works just as easy from another linux box..
So put in the 1 firewall rule. As you can see try to net view and fail - then I auth as account and there you go net view works, net use works, and can connect and use the share just fine. Check with your nas maybe its not listening on 445 and using the old school netbios ports 137-139?
-
"Who gives a shit about network browse??"
My wife who is NOT techie, uses a Mac for personal work and a 8.1 machine for business -> all files saved to the NAS.
…It took me years to get her comfortable with using the NAS via SMB under network browse. She REFUSED to have backup software (after a Tech at her business said she should never use backup software (OMG)), so every-time she saved 'an important doc' she would rush to me and ask me to make a backup copy to the server. Typing the name of the server would result in a meltdown for her and persistent smb mapping is not stable on the MacI will double check the NAS SMB port as I do not like knowing WHY this has not been working, likely this upcoming weekend. For now the cheap WIFI AP plugged into the LAN via a Switch works fantastic.
Thanks again.
-
Map the thing for her and put a short cut on her desktop..
Have it reconnect on reboot, etc.. Not like users going to do that command every time they want to use something. Just map it for them to a drive letter or folder even. Or if you create a account that matches them and their passwords match on window box for example you can just have a shortcut on your desktop that just points to the unc
Yeah just using an AP is very easy and simple.. Why anyone would not use AP to give them the best coverage vs trying to use built in wifi on the router another mystery ;) I could see where wifi on the router might be a nice out bound connection option, etc. I don't really see it as actually being the AP for users.
Use a 20$ wifi router as just AP, or have even more fun with actual AP placed around the location for best coverage and usage. Im a big fan of the unifi stuff.. Decent price point.. 70$ gets you their low end model, $200 the Pro and $300 gets you the AC model.. I have the AC model and very pleased with its performance..
-
Mapping on the Mac is not so friendly (and I really have no desire to learn Mac anymore than I must) - the browse has worked well for her however.
Static Mapping on Ubuntu is much easier, and even my grandmother can map on Win (it has a few redeeming factors).
I purchased the internal Wifi in ignorance from the pfsense store, I would not do so again.
Currently I have a e4200 with a full blown external antenna kit / DD-WRT coming my way (all under $100) -> mainly because I am very comfortable with DD-WRT.
The Ubiquiti/Unifi APs look great - i will pick a UAP-AC next month to decide which I prefer to use.
-
now to tackle SNORT :)
-
Mapping on the Mac is not so friendly
What?? Dude really, come on - I don't even use mac and know how to do this ;)
Finder, connect to server - put in the details.. There you go its on your desktop
Remember Apple stuff just works ;) Do you need a picture? I could always fire up a OS X vm..
-
I’ve beat this bush to a bloody pulp mate! Initial Mac mapping works, persistent mapping does not.
The least annoying method I found was here: http://www.howtogeek.com/howto/21600/mount-a-windows-share-in-os-x-and-have-it-reconnect-at-login/On top of this I also checked the Hide box in the login items list so the finder window would not pop up each network drive map into its own finder window upon each login.
The rub 1 – anytime she takes the laptop onto another network (i.e. starbucks) the finder clears inaccessible mounts
The rub 2 – the mounts only login upon initial login. She has to shutdown the laptop rather than letting it sleep or else the login is not retained… and then it is not accessible… and then it clears out of the finder window.THANKFULLY… SMB network browsing works fine for her :P [but only when on the same segment!]
-
Currently I have a e4200 with a full blown external antenna kit / DD-WRT
The Ubiquiti/Unifi APs look great - i will pick a UAP-AC next month to decide which I prefer to use.
The modded e4200's gives me a medium signal from close by to the edge of my property
The uap-ac gives me a strong signal to the edge of my home and the near yard.
The e4200 takes a couple hoops to setup dd-wrt and position the external antennas, plus the added cooling fans are a bit loud and the drilling/soldiering is not for everyone.
The uap-ac requires both flash and java to be installed for setting up the interface (grr…. time to uninstall!). You also need to set the interface to DHCP (as in, it uses the DHCP server of the router) . No fans and barely warm to the touch :)
Brand new, the cost is a wash, however used 1st gen e4200+mod kits can be had for 1/3 the uap-ac.
I like having silence, cool running, strong signals... but may need to pickup an outdoor antenna or two to reach the edge of my yard.
