What's new

Enable samba from wan

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Levente

Occasional Visitor
There is no vlan function in asusware routers, and because of it I set one of my ap back to router mode (to create another subnet).
So now there is my main router (192.168.1.x), and my second router (192.168.2.x, which wan ip is 192.168.1.x).

But there is a HDD on my 192.168.2.x (2nd router) with samba share, and I would like to reach it from 192.168.1.x subnet (1st router).

Can you tell me please how to do it?
 
I opened it, but it is only for router setup (router webui), and only for https (because of security). Or not?
 
I opened it, but it is only for router setup (router webui), and only for https (because of security). Or not?
from inside your intranet I would think there is no security reason to disable it for http on second router, but others may have more knowledge. For sure it is a must have on your main router to block the world.
 
Try disabling NAT and the firewall on the second router.
I disabled the firewall (firewall, general tab, disable firewall), but I can't turn off the NAT (wan, internet connection tab, disable nat) because there won't be internet on the 2nd subnet.
I've set up port forward for 135,139,445 ports (wan, virtual server/port forward tab).
There is something in the firewall (firewall, net service filter tab), maybe I should set it too.
 
but I can't turn off the NAT (wan, internet connection tab, disable nat) because there won't be internet on the 2nd subnet.
Sorry, I don't follow what you mean. Turing off NAT won't effect internet access from the second subnet, but it will mean that you don't need any port forwarding rules.

EDIT: Yes, sorry. I see what you mean. Let me think about it.

EDIT 2: OK, I forgot to say that if you turn off NAT you need to setup a static route (LAN > Route) to it on the first router.
 
Last edited:
I'm beginner, and I'm doing something wrong I think.
Network/Host ip: my secondary router lan ip (192.168.2.1)
Netmask: 255.255.255.0
Gateway: my router ip (192.168.1.1)
Metric: - (nothing)
Interface: LAN

When I'm turning off NAT on the secondary router, there will be no internet access. Where I did the mistake?
My sendory router wan ip is 192.168.1.3, connected through 192.168.1.2 aimesh node lan port.
 
I'm beginner, and I'm doing something wrong I think.
Network/Host ip: my secondary router lan ip (192.168.2.1)
Netmask: 255.255.255.0
Gateway: my router ip (192.168.1.1)
Metric: - (nothing)
Interface: LAN

When I'm turning off NAT on the secondary router, there will be no internet access. Where I did the mistake?
My sendory router wan ip is 192.168.1.3, connected through 192.168.1.2 aimesh node lan port.

When you disable NAT, the actual source IP of the packets on the secondary router's local network are sent to the primary local network, without being masked w/ the IP of the WAN on the secondary router. When those packets reach any devices on the primary local network, including the primary router itself, those devices don't know how to route that traffic back to the secondary router. IOW, they have no clue where that traffic is coming from!

In order to be able to route those packets back, you need to add a static route on the primary router that points to the WAN ip of the secondary router as the gateway for the local network behind it.

One caveat; if the primary router is running OEM firmware, that's not always possible because many times that firmware doesn't allow you to add static routes. That's why it's generally recommended that you continue to use NAT, even if you pay a small price for it in terms of performance.
 
I'm beginner, and I'm doing something wrong I think.
Network/Host ip: my secondary router lan ip (192.168.2.1)
Netmask: 255.255.255.0
Gateway: my router ip (192.168.1.1)
Metric: - (nothing)
Interface: LAN

When I'm turning off NAT on the secondary router, there will be no internet access. Where I did the mistake?
My sendory router wan ip is 192.168.1.3, connected through 192.168.1.2 aimesh node lan port.
That should be:

Network/Host ip: 192.168.2.0
Netmask: 255.255.255.0
Gateway: 192.168.1.3
Metric: - (nothing)
Interface: LAN

I don't know what you mean by "connected through 192.168.1.2 aimesh node lan port". This is the first time you've mentioned AiMesh and Merlin's firmware doesn't support that.
 
That should be:

Network/Host ip: 192.168.2.0
Netmask: 255.255.255.0
Gateway: 192.168.1.3
Metric: - (nothing)
Interface: LAN

I don't know what you mean by "connected through 192.168.1.2 aimesh node lan port". This is the first time you've mentioned AiMesh and Merlin's firmware doesn't support that.
Thank you!
Nat and firewall are disabled, but still can't reach the router's hdd from the 1st (192.168.1.x) subnet. The second router's wan fix ip is 192.168.1.3. I can reach the webui but only with https.

The aimesh thing: I have an ac68u E1 (aimesh router, 192.168.1.x with oem fw), and a ac68u A1 (aimesh node, also with oem fw). And I have an ac66u b1 with merlin fw (192.168.2.1), which is connected to the node with cable, and I would like to reach its hdd from the 192.168.1.x subnet.
 
Did making the changes to the static route fix the problem you were having accessing the internet from 192.168.2.x?

Make sure you have removed those port forwarding rules you made earlier.

When you say you can't "reach" the second router's hdd what exactly are you trying? Can you ping 192.168.2.1 from 192.168.1.x? What error message do you get when entering \\192.168.2.1\ ?

I don't know anything about AiMesh so I don't know whether that would stop this working.
 
Did making the changes to the static route fix the problem you were having accessing the internet from 192.168.2.x?

Make sure you have removed those port forwarding rules you made earlier.

When you say you can't "reach" the second router's hdd what exactly are you trying? Can you ping 192.168.2.1 from 192.168.1.x? What error message do you get when entering \\192.168.2.1\ ?

I don't know anything about AiMesh so I don't know whether that would stop this working.

The internet access thing has solved, it's okay, thanks the help!

I removed the forwarding rules, I can ping the 192.168.1.3 ip, but can't reach the hdd samba share there (from the 192.168.1.x subnet). I can reach it from 192.168.2.x subnet the \\192.168.2.1 hdd share, and the \\192.168.1.1. share).
 
Can you ping 192.168.2.1 from 192.168.1.x?

What error message do you get when entering \\192.168.2.1\ from the 192.168.1.x subnet?
 
Yes. And also can ping 192.168.1.3. But how should I reach it: on 192.168.1.3 or 192.168.2.1?

"What error message do you get when entering \\192.168.2.1\ from the 192.168.1.x subnet?"
Like this. Error code: 0x80004005
Don't use "\\server" use "\\192.168.2.1".

EDIT: OK I see a problem here. The newer firmwares have additional parameters in smb.conf (hosts allow/deny) that specifically block access from other subnets. So to fix this you're going to have to create a /jffs/scripts/smb.postconf file exactly as follows:
Code:
#!/bin/sh

CONFIG=$1
source /usr/sbin/helper.sh

pc_replace "hosts allow =" "hosts allow = 192.168.1.1/255.255.255.0" $CONFIG
 
Last edited:
Don't use "\\server" use "\\192.168.2.1".

EDIT: OK I see a problem here. The newer firmwares have additional parameters in smb.conf (hosts allow/deny) that specifically block access from other subnets. So to fix this you're going to have to create a /jffs/scripts/smb.postconf file exactly as follows:
Code:
#!/bin/sh

CONFIG=$1
source /usr/sbin/helper.sh

pc_replace "hosts allow =" "hosts allow = 192.168.1.1/255.255.255.0" $CONFIG

Many thanks, this solved my problem.
 
Don't use "\\server" use "\\192.168.2.1".

EDIT: OK I see a problem here. The newer firmwares have additional parameters in smb.conf (hosts allow/deny) that specifically block access from other subnets. So to fix this you're going to have to create a /jffs/scripts/smb.postconf file exactly as follows:
Code:
#!/bin/sh

CONFIG=$1
source /usr/sbin/helper.sh

pc_replace "hosts allow =" "hosts allow = 192.168.1.1/255.255.255.0" $CONFIG

When I use openvpn, its not working, because it's another subnet. How to add it to the script?
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top