OPNsense Forum

Archive => 21.1 Legacy Series => Topic started by: vigilian on April 01, 2021, 07:06:47 am

Title: problem with letting samba through NAT
Post by: vigilian on April 01, 2021, 07:06:47 am
Hi,

So for this specific setup,
OPNsense is a VM which acts as an island firewall to isolate this specific lab of VMs, all hosted on the same server.

I'm trying to let through some samba/cifs shares that I've set up on truenas.
The VMs are communicating with each other through a virtual network, and OPNsense is the one with the bridging access to the "outside world".

According to the tcpdump on TrueNAS, there are no packets being received from the outside world on TCP port 445. They are received if I test from the VMs with smbclient.
I can contact the TrueNAS or other VMs over SSH with the port forwarding rules I created.
The rules I created for 445, 139, 138, 137 do look exactly the same, besides the fact that I've specified the same port as destination and forwarding.

From what I could read in the live log of the firewall, port 445 was contacted and greenlighted.
So I'm a bit out of leads here.
As I said, the rules do seem exactly the same as the SSH ones.
So I would like to rule out any misconfiguration on my part, or maybe any little specifics that I wouldn't know about OPNsense.

For example:
- is there any hard rule that would prevent me from forwarding CIFS ports (MS DS), maybe?
- or is there something special to do about it?

Thanks in advance for all the leads that you could bring me.
Title: Re: problem with letting samba through NAT
Post by: Greelan on April 01, 2021, 07:33:37 am
Are you using the correct protocol for each port? Ports 137 and 138 are UDP iirc
Title: Re: problem with letting samba through NAT
Post by: vigilian on April 01, 2021, 09:02:55 am
> Are you using the correct protocol for each port? Ports 137 and 138 are UDP iirc

Yeah, from what I can tell, yes.
And if I understand correctly, 137-139 is only for NetBIOS, correct? So if I specify the address it shouldn't even rely on it, correct?
I am certainly going to ask a stupid question here, but is CIFS compatible with going through a NAT? I wouldn't see why not, theoretically, but maybe I missed something about the content of this protocol?
Title: Re: problem with letting samba through NAT
Post by: vigilian on April 01, 2021, 09:05:30 am
Maybe there are some logs that I should copy and paste here? I'm not quite sure how to collect them.
Title: Re: problem with letting samba through NAT
Post by: Greelan on April 01, 2021, 09:17:31 am
Yes, 137-139 are netbios, and I see no reason in principle why what you are trying to do shouldn’t work
Title: Re: problem with letting samba through NAT
Post by: vigilian on April 01, 2021, 11:45:21 am
By the way, an iSCSI port redirection is working, for example,
so it really seems specific to NFS and CIFS, and I can't get any idea why it would be like that.
Title: Re: problem with letting samba through NAT
Post by: vigilian on April 04, 2021, 02:45:14 pm
So apparently it's not necessarily related to OPNsense or the firewall settings, since it's working from a VirtualBox Ubuntu VM which is linked to DHCP, so through a bridge somewhere on the outside LAN. So it must be a Windows-specific problem, which is not using the samba/cifs protocol for some reason.
Title: Re: problem with letting samba through NAT
Post by: Greelan on April 04, 2021, 11:38:17 pm
I saw an old post (https://superuser.com/questions/270678/ports-for-nated-windows-share) that suggested Windows used ping as well to check the share. May no longer be valid.