1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Enable samba from wan

Discussion in 'Asuswrt-Merlin' started by Levente, Jun 16, 2019.

Tags:
  1. Levente

    Levente Occasional Visitor

    Joined:
    Mar 14, 2018
    Messages:
    27
    There is no vlan function in asusware routers, and because of it I set one of my ap back to router mode (to create another subnet).
    So now there is my main router (192.168.1.x), and my second router (192.168.2.x, which wan ip is 192.168.1.x).

    But there is a HDD on my 192.168.2.x (2nd router) with samba share, and I would like to reach it from 192.168.1.x subnet (1st router).

    Can you tell me please how to do it?
     
  2. Grisu

    Grisu Part of the Furniture

    Joined:
    Aug 28, 2014
    Messages:
    2,048
    open WAN access on your 2nd router admin page.
     
  3. Levente

    Levente Occasional Visitor

    Joined:
    Mar 14, 2018
    Messages:
    27
    I opened it, but it is only for router setup (router webui), and only for https (because of security). Or not?
     
  4. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    8,847
    Location:
    UK
    Try disabling NAT and the firewall on the second router.
     
  5. Grisu

    Grisu Part of the Furniture

    Joined:
    Aug 28, 2014
    Messages:
    2,048
    from inside your intranet I would think there is no security reason to disable it for http on second router, but others may have more knowledge. For sure it is a must have on your main router to block the world.
     
    martinr likes this.
  6. Levente

    Levente Occasional Visitor

    Joined:
    Mar 14, 2018
    Messages:
    27
    I disabled the firewall (firewall, general tab, disable firewall), but I can't turn off the NAT (wan, internet connection tab, disable nat) because there won't be internet on the 2nd subnet.
    I've set up port forward for 135,139,445 ports (wan, virtual server/port forward tab).
    There is something in the firewall (firewall, net service filter tab), maybe I should set it too.
     
  7. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    8,847
    Location:
    UK
    Sorry, I don't follow what you mean. Turing off NAT won't effect internet access from the second subnet, but it will mean that you don't need any port forwarding rules.

    EDIT: Yes, sorry. I see what you mean. Let me think about it.

    EDIT 2: OK, I forgot to say that if you turn off NAT you need to setup a static route (LAN > Route) to it on the first router.
     
    Last edited: Jun 17, 2019
  8. Levente

    Levente Occasional Visitor

    Joined:
    Mar 14, 2018
    Messages:
    27
    I'm beginner, and I'm doing something wrong I think.
    Network/Host ip: my secondary router lan ip (192.168.2.1)
    Netmask: 255.255.255.0
    Gateway: my router ip (192.168.1.1)
    Metric: - (nothing)
    Interface: LAN

    When I'm turning off NAT on the secondary router, there will be no internet access. Where I did the mistake?
    My sendory router wan ip is 192.168.1.3, connected through 192.168.1.2 aimesh node lan port.
     
  9. eibgrad

    eibgrad Senior Member

    Joined:
    Feb 20, 2017
    Messages:
    220
    When you disable NAT, the actual source IP of the packets on the secondary router's local network are sent to the primary local network, without being masked w/ the IP of the WAN on the secondary router. When those packets reach any devices on the primary local network, including the primary router itself, those devices don't know how to route that traffic back to the secondary router. IOW, they have no clue where that traffic is coming from!

    In order to be able to route those packets back, you need to add a static route on the primary router that points to the WAN ip of the secondary router as the gateway for the local network behind it.

    One caveat; if the primary router is running OEM firmware, that's not always possible because many times that firmware doesn't allow you to add static routes. That's why it's generally recommended that you continue to use NAT, even if you pay a small price for it in terms of performance.
     
    Levente and joe scian like this.
  10. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    8,847
    Location:
    UK
    That should be:

    Network/Host ip: 192.168.2.0
    Netmask: 255.255.255.0
    Gateway: 192.168.1.3
    Metric: - (nothing)
    Interface: LAN

    I don't know what you mean by "connected through 192.168.1.2 aimesh node lan port". This is the first time you've mentioned AiMesh and Merlin's firmware doesn't support that.
     
    Levente and L&LD like this.
  11. Levente

    Levente Occasional Visitor

    Joined:
    Mar 14, 2018
    Messages:
    27
    Thank you!
    Nat and firewall are disabled, but still can't reach the router's hdd from the 1st (192.168.1.x) subnet. The second router's wan fix ip is 192.168.1.3. I can reach the webui but only with https.

    The aimesh thing: I have an ac68u E1 (aimesh router, 192.168.1.x with oem fw), and a ac68u A1 (aimesh node, also with oem fw). And I have an ac66u b1 with merlin fw (192.168.2.1), which is connected to the node with cable, and I would like to reach its hdd from the 192.168.1.x subnet.
     
  12. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    8,847
    Location:
    UK
    Did making the changes to the static route fix the problem you were having accessing the internet from 192.168.2.x?

    Make sure you have removed those port forwarding rules you made earlier.

    When you say you can't "reach" the second router's hdd what exactly are you trying? Can you ping 192.168.2.1 from 192.168.1.x? What error message do you get when entering \\192.168.2.1\ ?

    I don't know anything about AiMesh so I don't know whether that would stop this working.
     
  13. Grisu

    Grisu Part of the Furniture

    Joined:
    Aug 28, 2014
    Messages:
    2,048
    AFAIK Aimesh doesnt support USB (nor guest-wifi) on Aimesh-nodes.
     
  14. Levente

    Levente Occasional Visitor

    Joined:
    Mar 14, 2018
    Messages:
    27
    The internet access thing has solved, it's okay, thanks the help!

    I removed the forwarding rules, I can ping the 192.168.1.3 ip, but can't reach the hdd samba share there (from the 192.168.1.x subnet). I can reach it from 192.168.2.x subnet the \\192.168.2.1 hdd share, and the \\192.168.1.1. share).
     
  15. Levente

    Levente Occasional Visitor

    Joined:
    Mar 14, 2018
    Messages:
    27
    I know, but please read: I have 3 devices, and only 1 is a node, the other 2 has usb sharing.
     
  16. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    8,847
    Location:
    UK
    Can you ping 192.168.2.1 from 192.168.1.x?

    What error message do you get when entering \\192.168.2.1\ from the 192.168.1.x subnet?
     
  17. Levente

    Levente Occasional Visitor

    Joined:
    Mar 14, 2018
    Messages:
    27
    Yes. And also can ping 192.168.1.3. But how should I reach it: on 192.168.1.3 or 192.168.2.1?

    "What error message do you get when entering \\192.168.2.1\ from the 192.168.1.x subnet?"
    Like this. Error code: 0x80004005
     
  18. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    8,847
    Location:
    UK
    Don't use "\\server" use "\\192.168.2.1".

    EDIT: OK I see a problem here. The newer firmwares have additional parameters in smb.conf (hosts allow/deny) that specifically block access from other subnets. So to fix this you're going to have to create a /jffs/scripts/smb.postconf file exactly as follows:
    Code:
    #!/bin/sh
    
    CONFIG=$1
    source /usr/sbin/helper.sh
    
    pc_replace "hosts allow =" "hosts allow = 192.168.1.1/255.255.255.0" $CONFIG
     
    Last edited: Jul 13, 2019 at 5:46 PM