What's new
By:

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Accessing router SMB server from Guest network?

S

Stiletto364

New Around Here
My equipment:
GT-AX6000 running Merlin 3006.102.4, IP = 192.168.10.1
SMB server enabled, SMB 2.0 (see attached config)
  1. Main LAN = 192.168.10.0/24
    1. Laptop IP = 192.168.10.46
    2. Android phone = 192.168.10.101 (2.4 Ghz)
    3. Firestick 4K Max = 192.168.10.111 (5 Ghz)
  2. VLAN 52 192.168.52.xxx Intranet access enabled to Main LAN; AP Isolation disabled (see attached config)
    1. Firestick 4k Max 192.168.52.186 (5 Ghz)
    2. Android phone 192.168.52.247 (2.4 Ghz)
What's happening:
I can access the router-based SMB server with no issues from the laptop, the phone and the Firestick located on the main LAN and primary 2.4 and 5 Ghz SSIDs. Works perfectly. I can do a port scan to 192.168.10.1:445 with success. I can ping both clients on VLAN 52 from the router and the Android phone on the main LAN without problems.
However, I cannot access the router SMB server even though intranet access to the main LAN is configured (result is an error resolving the router IP address). Using the phone on VLAN 52 to launch a scan of port 445 on 192.168.10.1 fails. Attempts at pinging the router from the VLAN 52 phone also fail. The results of a brctl show performed on the router is attached, along with the SMB share config and VLAN config.

I would have expected that enabling intranet access to the main LAN on VLAN 52 would have allowed bi-directional access from main LAN <==> VLAN 52 but apparently it is one-way. Has anyone seen this before and can explain what is going on? Or even better, how to resolve the issue? I know the workaround is to move the clients requiring SMB access to the main LAN but that defeats the purpose of the VLAN intranet access capability, doesn't it?

Appreciate any insight anyone could share regarding this.
 

Attachments

  • 1753301544122.png
    1753301544122.png
    75.2 KB · Views: 7
  • SMB Config.PNG
    SMB Config.PNG
    96.5 KB · Views: 7
  • VLAN 52.PNG
    VLAN 52.PNG
    52.9 KB · Views: 7
@Stiletto364, the Guest Network Pro Profile's Access Intranet option, as you have discovered, doesn't currently work properly for some. Its something that's been commented on in a number of earlier posts on both the stock Asus 3006.102.x firmware and Asus-Merlin 3006.102.x firmware. The workaround if Access Intranet isn't working, if you want Guest Network Pro Profile clients to access the main LAN when one has configured the Guest Network Pro Use same subnet as main network to disable, is to use a firewall-start script with IPTables entries that allow the traffic to pass to/from the two networks. There are a number of past discussions on this Guest Network Pro accessing main LAN using firewall-start scripting, here are a few of them:
www.snbforums.com

Trying to understand Guest Network Pro limitations

Using an AX-86U Pro on FW 3006.102.4_beta1, I'm experimenting with Guest Network Pro and VLANs and I must be missing something. I've created a VLAN (tagged as 3) and set ethernet port 3 as an access port tagged with that VLAN. I've then created a new guest network with that same VLAN, turned on...
www.snbforums.com www.snbforums.com
www.snbforums.com

Iptables functionality on 3006.102.4

Dirty upgrade from 3004 to 3006.102.4 on my AX88u-Pro a couple days ago. All looked good so far, except I have some iptables rules in firewall-start that do not seem to work anymore. One set of rules dnat'd any DNS other than those in the cleanbrowsing ranges. Ie, if a device used any...
www.snbforums.com www.snbforums.com
www.snbforums.com

Allowing main network to access guest networks

Hi everyone, Running on the 3006 firmware version, I have 3 guest networks that are isolated from everything. I'd like to have the main network (192.168.0.0/24 on br0) be able to reach one-way to those 3 guest subnets. I currently achieve this with a firewall-start script that runs the...
www.snbforums.com www.snbforums.com
www.snbforums.com

Setting up IoT networks using 3006 firmware?

If I understand the new 3006 IoT networks correctly: when using the same VLAN as the main network, devices on the main network (PCs, phones, tablets) can see IoT devices (and vice versa) when using a different VLAN than the main network, devices on the main network cannot see IoT devices (and...
www.snbforums.com www.snbforums.com
www.snbforums.com

mDNs / Bonjour / Multicast

Hi everyone, I am having issues with 3 HomePods in my home. I have 2 AirPlay receivers which work flawlessly, however my HomePods are very hit and miss to work, I took one on holiday and noticed it was much better than at home. Are there any settings or things to enable/check to ensure mDNs /...
www.snbforums.com www.snbforums.com
And see this post with an example: https://www.snbforums.com/threads/t...st-network-pro-limitations.94438/#post-952345

Edit: Fixed error
 
Last edited:
bennor said:
@Stiletto364, the Guest Network Pro Profile's Access Intranet option, as you have discovered, doesn't currently work properly for some. Its something that's been commented on in a number of earlier posts on both the stock Asus 3006.102.x firmware and Asus-Merlin 3006.102.x firmware. The workaround if Access Intranet isn't working, if you want Guest Network Pro Profile clients to access the main LAN when one has configured the Guest Network Pro Use same subnet as main network to enable, is to use a firewall-start script with IPTables entries that allow the traffic to pass to/from the two networks. There are a number of past discussions on this Guest Network Pro accessing main LAN using firewall-start scripting, here are a few of them:
www.snbforums.com

Trying to understand Guest Network Pro limitations

Using an AX-86U Pro on FW 3006.102.4_beta1, I'm experimenting with Guest Network Pro and VLANs and I must be missing something. I've created a VLAN (tagged as 3) and set ethernet port 3 as an access port tagged with that VLAN. I've then created a new guest network with that same VLAN, turned on...
www.snbforums.com www.snbforums.com
www.snbforums.com

Iptables functionality on 3006.102.4

Dirty upgrade from 3004 to 3006.102.4 on my AX88u-Pro a couple days ago. All looked good so far, except I have some iptables rules in firewall-start that do not seem to work anymore. One set of rules dnat'd any DNS other than those in the cleanbrowsing ranges. Ie, if a device used any...
www.snbforums.com www.snbforums.com
www.snbforums.com

Allowing main network to access guest networks

Hi everyone, Running on the 3006 firmware version, I have 3 guest networks that are isolated from everything. I'd like to have the main network (192.168.0.0/24 on br0) be able to reach one-way to those 3 guest subnets. I currently achieve this with a firewall-start script that runs the...
www.snbforums.com www.snbforums.com
www.snbforums.com

Setting up IoT networks using 3006 firmware?

If I understand the new 3006 IoT networks correctly: when using the same VLAN as the main network, devices on the main network (PCs, phones, tablets) can see IoT devices (and vice versa) when using a different VLAN than the main network, devices on the main network cannot see IoT devices (and...
www.snbforums.com www.snbforums.com
www.snbforums.com

mDNs / Bonjour / Multicast

Hi everyone, I am having issues with 3 HomePods in my home. I have 2 AirPlay receivers which work flawlessly, however my HomePods are very hit and miss to work, I took one on holiday and noticed it was much better than at home. Are there any settings or things to enable/check to ensure mDNs /...
www.snbforums.com www.snbforums.com
And see this post with an example: https://www.snbforums.com/threads/t...st-network-pro-limitations.94438/#post-952345
Click to expand...
Thanks, I checked the forums this morning before posting to see if I could solve it on my own (to no avail unfortunately). I will scour those posts you mentioned to see if I overlooked a trick or two, I appreciate you responding to me so quickly.

I already tried the following iptables entries earlier today but I am still experiencing only one-way traffic (from the main LAN to vlan 52).

iptables -I FORWARD -i br52 -s 192.168.52.0/24 -d 192.168.10.1 -j ACCEPT
iptables -I FORWARD -i br0 -s 192.168.10.1 -d 192.168.52.0/24 -j ACCEPT
 
You must log in or register to reply here.

Similar threads

D
Trying to understand Guest Network Pro limitations
2
Replies
39
Views
4K
fotingo
F
1
Understanding guest network pro
Replies
4
Views
665
visortgw
visortgw
T
RT-BE92 InterVlan??
Replies
6
Views
553
Tekko
T
S
GT-AXE16000 Guest Vlan question with ubiquiti
Replies
1
Views
307
styx
S
F
Restart VPN server when it breaks?
Replies
12
Views
617
Martinski
M
Similar threads
Thread starter Title Forum Replies Date
P Accessing remotly Server While Using VPN on Asus Router with Merlin Firmware Asuswrt-Merlin 9
E Ethernet LAN missing from WAN - Dual WAN when accessing via WireGuard VPN Asuswrt-Merlin 0
E Accessing remote lan over site to site from a Openvpn client Asuswrt-Merlin 4
A Remotely rebooting or accessing aimesh node? Asuswrt-Merlin 2
J Help/advice needed for accessing GT-AX11000 SMB shares from WSL Asuswrt-Merlin 6
postoronnim-v How to prevent WireGuard VPN server clients from accessing the local network (allow only Internet access)? Asuswrt-Merlin 18
M Extend Guest network to another router Asuswrt-Merlin 17
consorts Solved guide me on which merlin 3006.102.4 router should i buy - if... Asuswrt-Merlin 37
gil80 Router's GUI missing elements Asuswrt-Merlin 2
nospamever Temporarily putting AC-RT86U out of router mode Asuswrt-Merlin 5

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 613 (members: 18, guests: 595)
Back
Top