[Firewall] No SMB access via VPN

NAS: DS4l8play, DS202j, DS3623xs+, DSM 7.3.3-25847
Recently I've lost the ability to reach my NAS files when my phone is connected by VPN Server. I've discovered that dropping the firewall allows me to see the NAS files.

I'm puzzled by what firewall rule I need to add to obtain SMB file access. I've allowed the VPN IP range (101.10.10.1-10.10.10.255), all ports/protocols... but that has no effect.

Obviously I'm missing something simple, and I'd appreciate any feedback.
 
Solution
If you're talking about mounting shared folders from the NAS (not from a server on the LAN) via SMB, then no need for explicit rules. I'm using a Mac and if I connect to my NAS using OpenVPN, I can mount the shares (using SMB) on my laptop.

These are my rules on this particular DS (nothing special):

[Attached screenshot: E63D4FE1-DF69-45B2-85D6-261F60DC1D79.jpeg]
The VPN rule is as I explained in the post above.
10.10.10.255
I don’t think this is it, but the 255 is for broadcast. Don’t know if it works or not (depends on the device) but it’s not a host’s IP address. Use 10.10.10.254.

The way I do it with VPN:
On the ports I select VPN server (Open VPN). If you scroll through the list you’ll find it.
Source IP: I restrict by location (allow one country only for example).
Action: Allow.
 
Looking in the list of applications I see two that have port ranges suffixed with '(Source port)'. One is for SMB (TCP 445).
[Attached screenshot: 1617967699029.png]


It may be that the FW rule has to be explicitly stated for Windows File Sharing? But it doesn't make much sense if there's a rule of "<VPN subnet> / <NAS> / <all destination ports>".
 
Thank you both. The screenshot cleared it up. I was using LAN1 versus All Interfaces. So I selected VPN and added "all" and access was fine.

I suppose I need to move a bunch of rules from LAN1 where they are in effect for LAN2 or VPN.

A picture is worth a thousand words!
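
An added example, not part of the thread or of Synology's code: a simplified model of interface-scoped, first-match firewall evaluation, showing why the allow rule had no effect while it sat under LAN1. The rule fields, the default-deny action and the client address 10.10.10.6 are assumptions made for illustration.

```python
import ipaddress

ALL = "All interfaces"

def ip_range(first, last):
    """Source matcher for an inclusive first-last address range."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    return lambda ip: lo <= ipaddress.ip_address(ip) <= hi

def evaluate(rules, default, iface, src, proto, port):
    """Return (action, reason) for a packet arriving on iface.

    Assumed model: a rule applies only if it is scoped to ALL or to the
    ingress interface; the first applicable match wins; otherwise the
    default action applies.
    """
    for r in rules:
        if r["iface"] not in (ALL, iface):
            continue  # rule is bound to a different interface
        if not r["src"](src):
            continue
        if r["ports"] is not None and (proto, port) not in r["ports"]:
            continue
        return r["action"], r["name"]
    return default, "no rule matched"

# Host range as suggested in the thread (.255 is the broadcast address)
vpn_clients = ip_range("10.10.10.1", "10.10.10.254")

# Constructed rule sets: the same allow-all rule, scoped to different interfaces
before = [{"name": "vpn-any", "iface": "LAN1", "src": vpn_clients,
           "ports": None, "action": "allow"}]
after = [{"name": "vpn-any", "iface": "VPN", "src": vpn_clients,
          "ports": None, "action": "allow"}]

def smb_from_vpn(rules):
    """SMB (TCP 445) from a VPN client; the packet arrives on the VPN interface."""
    return evaluate(rules, "deny", "VPN", "10.10.10.6", "tcp", 445)

if __name__ == "__main__":
    print("rule under LAN1:", smb_from_vpn(before))
    print("rule under VPN: ", smb_from_vpn(after))
```
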
 