Lost access to SMB shares after installing pfsense

    • Official Post

    How did you get to them before, I assume by going to smb://ip or localhost in your file browser?

    I don't recall, it's been so long ago. They have just been there. On the Mac there is just a network tab in the "finder" window and you click on it and they just appear. On the Linux machine, I just cannot remember, except it was something in a folder window, or some app, not on the browser.



    This gets us into exactly how are you testing this. From what machine, where is this machine, and to what URL?


    For example, from a LAN machine within the same LAN as the server, trying to connect to a URL hostname that resolves to your public IP address or even the bare IP:port will generally require special treatment in the pfsense settings to enable NAT reflection.

    The desktop machine I mostly use is at 192.168.1.150 on the LAN. The server that hosts Nextcloud is on the same LAN at 192.168.1.140. I don't have Nextcloud set up to access locally, only through swag/duckdns. I cannot reach Nextcloud from either my Linux desktop, the MacBook Pro, or my mobile devices on wifi, but I just disabled wifi on my phone and was able to connect to my Nextcloud app using cell data.


    I'm turning in for the night. Thanks all for the help.

    System Backup Typo alert: Under the Linux section the command should be sudo umount /dev/sda1 NOT sudo unmount /dev/sda1

    Backup Data Disk to Backup Disk on Same Machine: In a Scheduled Job:rsync -av --delete /srv/dev-disk-by-uuid-f8814ed9-9a5c-4e1c-8830-426968c20ea3/ /srv/dev-disk-by-uuid-e67439d5-00a3-4942-bd5f-b84ab86aa850/ Don't forget trailing slashes, and BE CAREFUL. (HT: Getting Started with OMV5)

    Equipment - Thinkserver TS140, NanoPi M4 (v.1), Odroid XU4 (Using DietPi): PiHole

  • The desktop machine I mostly use is at 192.168.1.150 on the LAN. The server that hosts Nextcloud is on the same LAN at 192.168.1.140. I don't have Nextcloud set up to access locally, only through swag/duckdns. I cannot reach Nextcloud from either my Linux desktop, the MacBook Pro, or my mobile devices on wifi, but I just disabled wifi on my phone and was able to connect to my Nextcloud app using cell data.

    And this is the piece I need to provide the probable answer.


    When on your LAN if you try to go to a hostname that resolves to your public IP address and there is a public facing service configured via NAT in the router, the desired result is that the packets hit the router, they are NAT'd to the private IP address given by the NAT rule and "reflected" back into the LAN to the private IP address of the machine running the service.


    The default behavior in almost every available consumer grade SOHO type NAT router is to not support NAT reflection at all. Split DNS type kludges are usually suggested as the workaround.


    However, pfsense does support NAT reflection, but it isn't enabled by default.


    Here is the pfsense explanation:


    https://docs.netgate.com/pfsen…atest/nat/reflection.html


    In pfsense I use the settings in the screenshot below on the System | Advanced | Firewall & NAT page. Do click on anything in the TFTP Proxy box.


    Good luck.

    • Official Post
    Quote

    Enable NAT Reflection for 1:1 NAT

    This option allows clients on internal networks to reach locally hosted services by connecting to the external IP address of a 1:1 NAT entry. To fully activate the feature, check both Enable NAT Reflection for 1:1 NAT and Enable automatic outbound NAT for Reflection. The latter option is only necessary if clients and servers are in the same subnet.

    That was it! I remember seeing this but I was skimming and my eyes were glazing over because of the sheer volume of information and I didn't understand the implications. I had been in that section and switched between Pure NAT, NAT + proxy, and disabled because I had read something, but I never touched those two check boxes.


    Nextcloud and my other services connected with the reverse proxy of swag are accessible from inside the network. Thank you gderf for your help.


    Now I will move on to this SMB issue. KM0201 gave me some clues to work with.


    • Official Post

    That was it! I remember seeing this but I was skimming and my eyes were glazing over because of the sheer volume of information and I didn't understand the implications. I had been in that section and switched between Pure NAT, NAT + proxy, and disabled because I had read something, but I never touched those two check boxes.


    Nextcloud and my other services connected with the reverse proxy of swag are accessible from inside the network. Thank you gderf for your help.


    Now I will move on to this SMB issue. KM0201 gave me some clues to work with.

    IIRC, you use KDE, which I think uses the Dolphin file manager. Is there not a Networks section in Dolphin, that you can click on and it will show network services available? Very similar to Windows or Mac I assume (Thunar has this on XFCE). If I click on that it will show "openmediavault-smb" or something similar. I click on that and it shows my SMB shares.

    • Official Post

    Is there not a Networks section in dolphin

    Yes. It's called Smb4K, a "Samba share mounting utility". I just discovered it and you have to enter the share you want to mount as //192.168.1.140/media and away you go. I swear, that is not how I had them displayed before. Don't know how I did it before, but this works now.


    • Official Post

    I do remember Thunar when I ran xfce a while back. Smb4K is a lot like that.


    • Official Post

    Yes. It's called Smb4K, a "Samba share mounting utility". I just discovered it and you have to enter the share you want to mount as //192.168.1.140/media and away you go. I swear, that is not how I had them displayed before. Don't know how I did it before, but this works now.

    I'll make this reason number 1,926,444 I won't use KDE.. :)


    Glad it was simple to figure out.

    • Official Post

    I started out trying to mount the shares using the command line from this site, and the shares mounted fine but I had permission issues and couldn't change it while the shares were mounted, so I tore it all down to change ownership and permissions, and when I tried to mount it again I kept getting the error

    $ sudo mount -a

    mount error(22): Invalid argument

    Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

    So I ditched it and figured out how to run the Smb4k utility.

    Now don't be hating on KDE. :)


    • Official Post

    I need to back away from the last post above. The Samba utility (Smb4K) was painfully slow and a couple of times crashed my file browser. So I went back in search of a command line solution. Here is what I came up with, mostly from here:

    1. Install CIFS utilities: sudo apt-get install cifs-utils
    2. Create a mount point: sudo mkdir /mnt/samba
    3. Enter this line and supply root password: sudo -s
    4. Careful with this file. It might be best to back it up first: nano /etc/fstab
    5. Enter this line at the end of this file. Each share you want to auto mount needs a separate line. Adjust for your situation: //192.168.1.140/media /mnt/samba cifs username=myuser,password=mypassword,file_mode=0666,dir_mode=0777 0 0
    6. Save: control-c then y then enter
    7. Reboot

    It does not matter what permissions or ownership I set for the samba folder, when I rebooted and the share mounted there, ownership would change to root root and I could not write to the shares. Only after I added the file_mode and dir_mode to the end of step 5 was I able to write to the shares.


    Not being extremely ownership/permissions savvy, is this a good/safe practice or no?

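On the safety question in the post above, an added example (not part of the original thread) that audits the step 5 fstab entry and prints a tighter equivalent: credentials moved to a root-only file, and the mount owned by the desktop user so that 0666/0777 is no longer needed. The credentials file path, the uid/gid of 1000 and the 0660/0770 modes are assumptions; `credentials=`, `uid=` and `gid=` are standard mount.cifs options.

```shell
#!/bin/sh
# Added example: audit one /etc/fstab cifs entry, then print a tighter one.
# Assumed, not from the thread: CRED_FILE path, uid/gid 1000, modes 0660/0770.
# CRED_FILE holds "username=..." and "password=..." lines; chown root, chmod 600.
CRED_FILE=/etc/samba/creds-media

# The entry from step 5 of the post (placeholder credentials as posted).
SAMPLE='//192.168.1.140/media /mnt/samba cifs username=myuser,password=mypassword,file_mode=0666,dir_mode=0777 0 0'

# audit_cifs_line LINE: print one finding per risky mount option.
audit_cifs_line() {
    opts=$(printf '%s\n' "$1" | awk '$3 == "cifs" { print $4 }')
    [ -n "$opts" ] || return 0
    printf '%s\n' "$opts" | tr ',' '\n' | while IFS='=' read -r key val; do
        case "$key" in
            password) echo "inline-password: fstab is normally world-readable" ;;
            file_mode|dir_mode)
                # A final octal digit of 2, 3, 6 or 7 grants write to "other".
                case "$val" in *[2367]) echo "world-writable: $key=$val" ;; esac ;;
        esac
    done
}

# harden_cifs_line LINE UID GID: move credentials to CRED_FILE, give the
# mounted files to UID:GID (the mount otherwise shows as root-owned, as the
# post describes), and drop all access for "other".
harden_cifs_line() {
    printf '%s\n' "$1" | awk -v cred="$CRED_FILE" -v uid="$2" -v gid="$3" '
    $3 == "cifs" {
        n = split($4, o, ",")
        out = "credentials=" cred ",uid=" uid ",gid=" gid
        for (i = 1; i <= n; i++) {
            if (o[i] ~ /^(username|password|credentials|uid|gid)=/) continue
            if (o[i] ~ /^file_mode=/) o[i] = "file_mode=0660"
            if (o[i] ~ /^dir_mode=/)  o[i] = "dir_mode=0770"
            out = out "," o[i]
        }
        $4 = out
    }
    { print }'
}

audit_cifs_line "$SAMPLE"
harden_cifs_line "$SAMPLE" 1000 1000
```

Run `id -u` and `id -g` as the desktop user to get the values to pass in place of 1000.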

  • Thank you so much, got it working for opnsense. Actually saw it on the web but I was confused with the NAT port forward page.
