OPNsense Forum

English Forums => General Discussion => Topic started by: stevew on April 30, 2020, 05:14:33 pm

Title: FreeNAS Windows/SMB Share Ports
Post by: stevew on April 30, 2020, 05:14:33 pm
Hello all, a little information about our network. It is a Windows network with Server 2016 as the domain controller and DHCP control. We have a local domain. Domain name is o.cartermi.com. We have a FreeNAS server that is set up on the network. This FreeNAS hostname filesvr1 is where we store all of our files for our business. We have an MFP copier/scanner/printer at a workstation; it has an IP of 10.14.1.34, we will call this prn-receiving.

OK, the reason I'm here is that I'm trying to scan to an SMB folder share on filesvr1 with prn-receiving. I can browse to the directory and create files, modify them and delete them, so there should be no issues with permissions.

The following link opens a Google Photos album which contains a couple of screenshots: one for the SMB scan-to configuration from prn-receiving's web browser interface, and the second is the results when running the test on the connection.

https://photos.app.goo.gl/wfX7PS79fYuHyr7n8

I need help setting OPNsense to allow ports 139 and 445 open to prn-receiving and filesvr1.

Hopefully I have explained myself enough, if anyone can give me some help on this that would be great. If you need more info please let me know so I can update the post.

Also, one more thing I forgot to mention about our network is that we use a DFS (Dynamic File System) on the Windows 2016 Server for our FreeNAS shares; this helps us sync to an offsite backup server should our local one go down.
Title: Re: FreeNAS Windows/SMB Share Ports
Post by: bartjsmit on April 30, 2020, 06:12:36 pm
You need more than TCP 445 for SMB, unless your share is open without authentication.

https://support.microsoft.com/en-gb/help/179442/how-to-configure-a-firewall-for-domains-and-trusts

TCP 139 is part of NetBIOS over TCP/IP which is deprecated and not required for SMB.

Also check your DNS and NTP - both can break SMB with Kerberos.

Bart...
Title: Re: FreeNAS Windows/SMB Share Ports
Post by: Supermule on April 30, 2020, 06:35:55 pm
Are you scanning from LAN to LAN??

Or are you traversing the FW?
Title: Re: FreeNAS Windows/SMB Share Ports
Post by: stevew on April 30, 2020, 07:51:50 pm
This is being scanned on an MFP scanner (prn-receiving) on our local network domain to a server (filesvr1) on our local network domain.

I just updated the 3-year-old firmware on the device and now it's working. There must have been a bug in the original firmware. Funny thing is, now I have tried the same procedure with the same settings on another MFP in a different location in our building using the same local domain, and that one fails. The bug most likely was never fixed in that firmware for that model. I'm emailing the support for that device and hopefully they can help. If not, I will just replace the device; they are both over 5 years old.
Title: Re: FreeNAS Windows/SMB Share Ports
Post by: bartjsmit on May 01, 2020, 01:32:28 pm
That sounds like the old firmware is stuck on SMB v1. Not something you want on your network after WannaCry.

Bart...