Netgate m1n1wall

Author Topic: Windows Share problem  (Read 2046 times)

0 Members and 1 Guest are viewing this topic.

Offline krisken

  • Full Member
  • ***
  • Posts: 155
  • Karma: +0/-0
    • View Profile
Windows Share problem
« on: April 12, 2012, 04:04:59 am »
Dear,

I have a dual wan setup at home with a lot of interfaces/ip ranges:
- 10.0.0.1/24 for pfsense, switch, voip ata's, LAN disks, computers connected to LAN, ...
- 10.101.0.1/24 (vlan) for private wifi usage (all wireless devices from myself and my girlfriend such as laptop, netbook, phone, tablet, ...)
- 10.102.0.1/24 (vlan) for trusted wifi usage (wireless devices from friends and neighbours)
- 10.103.0.1/24 (vlan) for public wifi usage (wireless devices from people i don't know, but just wants to surf the internet)

All wireless connections goes tru the Meraki AP (Meraki MR12) which supports the vlans.  All internet connections work perfect including landing pages, ip ranges etc.  Also email, msn, ftp, ssh, ... work great! 

One of my LAN disks has ip 10.0.0.31.  When my netbook is connected to the switch (and gets an 10.0.0.31/24 ip), i can access it perfectly.  But when connected to wifi-private i can't access the windows share (\\10.0.0.31).  Only the webserver (http://10.0.0.31) works.

Can someone please help me with this issue?

Offline Metu69salemi

  • Hero Member
  • *****
  • Posts: 1564
  • Karma: +0/-0
    • View Profile
Re: Windows Share problem
« Reply #1 on: April 12, 2012, 04:27:58 am »
What firewall rules and what outbound nat rules you have concerning this setup?

Offline krisken

  • Full Member
  • ***
  • Posts: 155
  • Karma: +0/-0
    • View Profile
Re: Windows Share problem
« Reply #2 on: April 12, 2012, 11:48:48 am »
Dear Metu69salemi,

i've made some screenshots for you so you can get a clear view of the setup.
There can be some mistakes because i've tried to fix it using trial and error :)

Dashboard : http://kris.derocker.name/pfsense/windowsshare/dashboard.jpg
Outboud NAT : http://kris.derocker.name/pfsense/windowsshare/firewall-nat-outbound.jpg
Firewall rules LAN : http://kris.derocker.name/pfsense/windowsshare/firewall-rules-lan.jpg
Firewall rules WIFIPRIVATE : http://kris.derocker.name/pfsense/windowsshare/firewall-rules-wifiprivate.jpg

Offline Metu69salemi

  • Hero Member
  • *****
  • Posts: 1564
  • Karma: +0/-0
    • View Profile
Re: Windows Share problem
« Reply #3 on: April 12, 2012, 05:36:04 pm »
You may need new rule on manual outbound nat as:
from privatewifi to lan check the box DO NOT NAT

Offline krisken

  • Full Member
  • ***
  • Posts: 155
  • Karma: +0/-0
    • View Profile
Re: Windows Share problem
« Reply #4 on: April 12, 2012, 05:54:36 pm »
I've tried these settings without effect...

WIFIPRIVATE      10.0.0.0/24    *    *    *    *    *    NO
LAN      10.101.0.0/24    *    *    *    *    *    NO
WIFIPRIVATE      10.101.0.0/24    *    10.0.0.0/24    *    *    *    NO
LAN      10.0.0.0/24    *    10.101.0.0/24    *    *    *    NO

Lan = 10.0.0.1/24 range
WIFIPRIVATE = 10.101.0.1/24 range

Offline Metu69salemi

  • Hero Member
  • *****
  • Posts: 1564
  • Karma: +0/-0
    • View Profile
Re: Windows Share problem
« Reply #5 on: April 13, 2012, 04:53:59 pm »
did you change the order that more specific is uppermost?

Offline cmb

  • Administrator
  • Hero Member
  • *****
  • Posts: 6333
  • Karma: +0/-0
    • LinkedIn
    • Twitter
    • View Profile
    • Chris Buechler
Re: Windows Share problem
« Reply #6 on: April 14, 2012, 12:17:27 am »
I don't see any reason you need manual outbound NAT, better to use automatic, it won't NAT between internal subnets which is what is breaking your Windows share.

Offline Metu69salemi

  • Hero Member
  • *****
  • Posts: 1564
  • Karma: +0/-0
    • View Profile
Re: Windows Share problem
« Reply #7 on: April 16, 2012, 12:20:58 am »
ok, thanks for the info, it was new to me also.

Offline krisken

  • Full Member
  • ***
  • Posts: 155
  • Karma: +0/-0
    • View Profile
Re: Windows Share problem
« Reply #8 on: April 16, 2012, 11:25:47 am »
I use manual NAT because i also route some IP blocks (external IP's)

Offline cmb

  • Administrator
  • Hero Member
  • *****
  • Posts: 6333
  • Karma: +0/-0
    • LinkedIn
    • Twitter
    • View Profile
    • Chris Buechler
Re: Windows Share problem
« Reply #9 on: April 16, 2012, 07:00:04 pm »
I use manual NAT because i also route some IP blocks (external IP's)

Ok, in that case just make sure you don't have outbound NAT rules matching traffic between internal networks.

Offline krisken

  • Full Member
  • ***
  • Posts: 155
  • Karma: +0/-0
    • View Profile
Re: Windows Share problem
« Reply #10 on: April 17, 2012, 01:47:04 am »
Dear,

I don't think i have...do i?

Offline cmb

  • Administrator
  • Hero Member
  • *****
  • Posts: 6333
  • Karma: +0/-0
    • LinkedIn
    • Twitter
    • View Profile
    • Chris Buechler
Re: Windows Share problem
« Reply #11 on: April 17, 2012, 01:54:00 am »
Too many interfaces there in outbound NAT and not enough context to tell. Run a constant ping to the NAS, and check Diagnostics>States. Should just show two IPs there, not a third in the middle where it's translating it. If that's good, then your problem is almost certainly the NAS is setup to not serve Windows shares to off-subnet hosts. For instance Samba has a config option that lets you restrict what IP subnets it will serve, if it's a Windows host, the default Windows firewall settings commonly block all off-subnet file access.

Offline krisken

  • Full Member
  • ***
  • Posts: 155
  • Karma: +0/-0
    • View Profile
Re: Windows Share problem
« Reply #12 on: May 08, 2012, 12:23:06 pm »
This is what i get with ping :

icmp    10.0.0.31:768 <- 10.101.0.2    0:0    
icmp    10.101.0.2:768 -> 10.0.0.31    0:0

10.0.0.31 = NAQ
10.101.0.2 = laptop using wireless

Offline cmb

  • Administrator
  • Hero Member
  • *****
  • Posts: 6333
  • Karma: +0/-0
    • LinkedIn
    • Twitter
    • View Profile
    • Chris Buechler
Re: Windows Share problem
« Reply #13 on: May 09, 2012, 08:44:08 am »
Then you aren't NATing, so that much is good. Problem is on the server then, what I noted in my last post.

Offline krisken

  • Full Member
  • ***
  • Posts: 155
  • Karma: +0/-0
    • View Profile
Re: Windows Share problem
« Reply #14 on: May 09, 2012, 10:35:44 am »
cmb,

Thanks for your support, time and answers!