PFSENSE and FREENAS Samba configuration issue!

Hello everyone, one of the normies doing everyday normie stuff.

I am trying to make my PC connect to my FREENAS server without any success. The image below is a general representation of my network.

image

I have separate LANs, each with its separate NICs (No VLANs). The connection between my router and the NAS is a direct cable connection. My computer is on LAN01, so I am expecting to go from my PC -> Switch -> PFSENSE -> NAS.

My reason for this config is that I want almost all LANs to access the NAS, but I don’t want the LANs to have access between them (especially WIFI). In my normie way of thinking, I believe it to be a more secure home setup.

So, when I type on my explorer the IP address from the NAS, it lets me enter the web GUI. But when I am trying to enter the Samba shared unit, it does not allow me to see it and connect to it.

At this point I am unsure if it is my router or something badly configured on the NAS. I made a test connecting the NAS directly to the LAN01 switch and it worked.

On the PFSENSE side I believe I allowed the NAS to connect to all networks in the firewall rules below. Am I missing something? I want to watch my normie videos and stuff. Thanks in advance.

UPDATES, as requested by the community.

I have tried inserting the IP address manually, still no luck. Curiously the Web GUI for the NAS continues to work (have access).

Can you access the shares if you manually type them in rather than using the network browser whatever it’s called? Network discovery relies on broadcast traffic to work and broadcast traffic is not routed so the NAS won’t be discovered on the other networks. But if your firewall rules are configured correctly you can still manually connect to the server.

Hi, thanks for your reply. I have manually typed the IP address, still no luck. Regards.

Can you post the rest of your firewall rules?

Hi, I added the LAN01 rules in the main post as an update. Let me know if any additional info is required. Regards, thanks.

The rules are allowing everything so if you can’t access the server it’s not the firewall.

Are you sure you can’t access it manually? If you’re on Windows it should be //IP/share if you type that into the file browser (or \\, I can’t remember which it is).

The probably “not for normies” troubleshooting steps would be to open Wireshark and look at any traffic between your computer and the IP that FreeNAS has that’s flowing over port 445 (modern SMB protocol). When you type \\nas.ip.num.ber\share_name into explorer you should see a connection being established (rules out any firewall misconfiguration) and you’re likely to be able to see some details around SMB.

If you don’t see a connection being established we can troubleshoot networking.

A more normie thing to try, instead of Wireshark, you could telnet nas.ip.num.ber 445 and see whether you’re able to connect.
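Added example, not part of the original thread: a Python version of the `telnet nas.ip.num.ber 445` check that also probes the web GUI and SSH ports and separates "refused" from "timeout", since those point at different layers. The port list (80, 22, 445) and the result codes returned by `diagnose` are assumptions made for this illustration.

```python
import errno
import socket
import sys

def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and classify the outcome."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"          # three-way handshake completed
    except ConnectionRefusedError:
        return "refused"       # a reset came back: nothing listening, or a reject rule
    except socket.timeout:
        return "timeout"       # no answer: dropped on the way there or on the way back
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"   # no route from this machine
        return "error"
    finally:
        sock.close()

def diagnose(results, smb_port=445):
    """Turn {port: outcome} into a short code naming the layer to look at next."""
    smb = results[smb_port]
    others = [r for p, r in results.items() if p != smb_port]
    if smb == "open":
        return "tcp-ok-check-smb-layer"         # share name, auth, Samba host limits
    if smb == "refused":
        return "host-reached-445-rejected"      # smbd not bound there, or a reject rule
    if "open" in others:
        return "445-filtered-other-ports-pass"  # port-specific rule on firewall or NAS
    return "no-tcp-path"                        # routing, gateway or return route

if __name__ == "__main__" and len(sys.argv) > 1:
    host = sys.argv[1]                          # the NAS address, supplied by the user
    results = {port: probe(host, port) for port in (80, 22, 445)}
    print(results, "->", diagnose(results))
```

Run it from the PC with the NAS address as the only argument; a working web GUI with a timing-out 445 narrows the problem to something that treats SMB differently from HTTP.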

I believe I found the issue, my PC somehow can see the NAS but the NAS is unable to find the PC.

PC to NAS
image

NAS to PC
image

What strikes me is that I can access the Web GUI without any problems. I have verified the rules on my PFsense but cannot figure out what I am doing wrong from the router perspective. I believe it is the router due to the past findings.

What's your subnet mask?

I have separated physical connections. Rules are above.

LAN01 - 10.0.0.0 - 255.255.255.0
NAS01 - 10.0.5.0 - 255.255.255.0

Well, you're putting your NAS on a completely different subnet from your LAN. Any particular reason?

I intend to have different rules for different LANs. I want to avoid other computers entering my main LAN01 (in case I decide to connect the NAS to LAN01). Mainly for security. On the other hand, both my router and NAS connections are 10GbE. If I connect it to LAN01 directly, I will have a bottleneck because each of my LANs is 1GbE. So by separating, I can provide each LAN a 1GbE speed simultaneously.

A “subnet” is not the physical connection you use for the switch/computer, but a logical group of hosts that are directly accessible by each other. In this case, the subnet mask is 255.255.255.0, which for the 10.0.5.0 based subnet means that it includes IPs in the range 10.0.5.0 … 10.0.5.255. (Note that for some subnets, *.0 and *.255 are reserved for the entire subnet and broadcast, respectively.)

The distinction is that typically hosts can directly access addresses only in the same subnet. To access other subnets, they go through a gateway. Basically, a subnet divides the entirety of the Internet into “my neighborhood” (your subnet), where you don’t need to do anything fancy to access an address, and “the rest of the net”, where gateways and routers need to ensure the packets are sent in the right direction.

Ok I believe I found my error. It would seem that SAMBA only works on the same LAN the device is connected to. I notice that with my current setup I could access the server by ssh and ftp. So everything was correct all along, I just did not know SAMBA only worked on the LAN.

Samba will work fine across networks, I’m not really sure what the problem is. Have you set anything in the samba config that would limit access to only network the server is on?
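Added example, not part of the original thread: a sketch of how a Samba host restriction would produce exactly this symptom (works on the NAS subnet, refused from LAN01). The smb.conf fragments and host addresses are constructed, only the two subnets come from the thread, and the matcher handles only IP and CIDR entries, following the allow-wins-on-conflict precedence documented for `hosts allow` / `hosts deny`.

```python
import ipaddress

# Constructed smb.conf fragments; the two subnets are the ones quoted in the thread.
RESTRICTIVE = """
[global]
    hosts allow = 10.0.5.0/24
    hosts deny = ALL
"""
WIDENED = RESTRICTIVE.replace("10.0.5.0/24", "10.0.5.0/24 10.0.0.0/24")

def global_params(text):
    """Return the [global] parameters of an smb.conf text as a dict."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def _matches(client, entries):
    ip = ipaddress.ip_address(client)
    for entry in entries:
        if entry.upper() == "ALL":
            return True
        try:
            if ip in ipaddress.ip_network(entry, strict=False):
                return True
        except ValueError:
            continue  # host names, EXCEPT and "10.0.5." prefixes are not handled
    return False

def smb_allowed(client, params):
    """Would this client pass hosts allow / hosts deny? Allow wins on conflict."""
    allow = params.get("hosts allow", "").replace(",", " ").split()
    deny = params.get("hosts deny", "").replace(",", " ").split()
    if allow and _matches(client, allow):
        return True
    if deny:
        return not _matches(client, deny)
    return not allow  # allow list set, client not on it -> refused

if __name__ == "__main__":
    for name, conf in (("restrictive", RESTRICTIVE), ("widened", WIDENED)):
        p = global_params(conf)
        print(name, {ip: smb_allowed(ip, p) for ip in ("10.0.5.10", "10.0.0.20")})
```

Listing LAN01 explicitly, as in `WIDENED`, keeps every other subnet shut out of SMB at the server even if a firewall rule is later loosened.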

I have not changed anything on the SAMBA side, I left it default. If I connect the NAS directly to my LAN, it works perfectly.

There’s nothing in what you’ve posted that would prevent it from working, so I’m not sure where the problem is but samba will work across networks, my network is configured this way and other than setting the appropriate firewall rules I didn’t need to do anything else to get it working.

Are you using FreeNAS?

No, just Samba on Linux. FreeNAS could have some kind of ACLs or something but I’ve never used it so I wouldn’t know what to look for.

Add the routes to the other subnets on the NAS? … Worth a try IMO