Windows shares / netbios ?!!? [SOLVED]



  • Hi,

    I recently set up a multiwan environment with pfSense…
    I know a little about NAT and Firewall.
    NAT translates addresses between networks, and firewall disables/enables traffic.

    So now I need to enable some netbios ports LAN to LAN.
    I did this with firewall rules destination LAN net. source LAN.net.. and then GATEWAY ?!?!?
    Why do I need a gateway for this ?.. well I couldn't select LAN interface so I chose "default".

    Then UDP netbios traffic blocking messages disappeared from firewall log. No "allow" messages were there also (I had logging on) !
    But I got some weird UDP traffic (not on netbios ports at all) between both WAN interfaces... on UDP.. which netbios uses.

    So how do i enable NetBIOS.. ? ? ?  ???
    It's kind of critical thing in windows networking...
    Printer sharing, File sharing, Backup programs are all dead at the moment.

    ------------------------ solution:

    1. netbios traffic was LAN subnet traffic, so pfsense didn't have to route any of it.
    2. I had two subnets running on the same switches... one or more of them were without VLAN support.. this was the real cause
    3. after removing one subnet netbios traffic was OK and windows networking also.


  • What do you mean with LAN to LAN? Traffic on the same interface won't traverse the firewall and nothing will be blocked. The Clients talk directly to each other from one switchport to the other without the pfSense in between. You couldn't even block that traffic with pfSense, even if you wanted to.



  • :-\ I thought that for a second… it's weird
    But the thing is... netbios traffic was OK without pfsense box, so what else could be the problem ?
    I'm now also using the 172.16.0.0 /16 for LAN... could this be the problem ? don't think so.

    PS: I also have 192.168.0.0 /24 running in same switches with 172... maybe it's this :o ?
          WAN1 is a PPPoE router in 192... network. pfsense WAN1 is connected to same switch, but it's in 192...



  • Your network sounds a bit weird to me atm. Can you give us some more details? Why do you have 2 different subnets in your LAN?



  • I'll draw a bit then…

    [WAN2]---[pfsense]
                  #
                  #
                  #
              [switch]---[switch]---[switch]---[WAN1]

    WAN2 goes directly to pfsense because it's in the same room.
    WAN1 is in the other room, so it creates a lan 192.168.0.0 /24 and pfsense connects to it with WAN1 interface.
    Most switches have computers connected to them.. they're all in 172.16.0.0 /16 network, as is pfsense LAN interface.



  • I still don't get it. So you have 2 wan and one lan?

    WAN-subnet 192.168.0.0/24
    WAN2-subnet public?
    LAN-subnet 172.16.0.0/16

    WAN and LAN are 2 interfaces but both connected to the same series of switches.

    Is that on the very far right of your drawing (WAN1) another router? If yes, does it still do DHCP? In that case some of your clients might end up in the 192.168.0.0/24 subnet and other clients in 172.16.0.0/16 if there is a dhcp server on pfSense as well.

    This setup is pretty bad practice but I guess you ended up with it as you don't have enough cables running between the switches?

    On the other hand, maybe I haven't understood your setup at all  ::)



  • @hoba:

    I still don't get it. So you have 2 wan and one lan?

    Yes, all have their interfaces too.

    @hoba:

    WAN and LAN are 2 interfaces but both connected to the same series of switches.

    Yes, and WAN2 directly to pfsense WAN2 interface

    @hoba:

    Is that on the very far right of your drawing (WAN1) another router?

    Yes

    @hoba:

    If yes, does it still do DHCP?

    No.. I checked pfsense dhcp leases.. all PC-s there.

    @hoba:

    This setup is pretty bad practice but I guess you ended up with it as you don't have enough cables running between the switches?

    Yep.. plan to fix it in near future, if I get the equipment and time.

    So could it be that PC-s do netbios over WAN1 router, though they're in pfsense LAN ?
    Something very bad disturbs microsoft networking atm.



  • Your switches don't happen to be VLAN capable?

    What happens if you break it down to the basics and get rid of WAN1 on pfSense and WAN1 on modem side temporarily?



  • Done, I will try to do some windows networking in some hours… hope it works then.

    It seems that yes, my switches were not VLAN capable.
    Finally I totally replaced the WAN1 router with a switch - it had 3 PC-s connected to its switch board.
    And windows networking is up and running.

    As we had dual wan, the users didn't even feel a thing.
    Thanks for the help.

