How to configure samba to listen on more interfaces (lan+vpn)?

Hello,

Is there a way to configure samba to listen on more interfaces?
Currently, from LuCI I can set only 1 interface.
I would like to select more interfaces, such as lan + wg0 (wireguard interface).

Hi,

check - /etc/samba/smb.conf …

from samba docs: - smb.conf

interfaces = eth0 eth1 eth2
or
interfaces = 192.168.2.10/24 192.168.3.10/255.255.255.0

You can use names of interfaces or IP addresses

I guess this will not survive reboot, as the smb.conf is generated from UCI settings.

In the field where you are selecting the interface, you can type as many interface names as you want. Separate them by space. For example lan wg0 wan

Not able to add. I can type only 1; it is not allowing multiple.

Did you try another separator? , or ; ? Maybe …

In Samba docs they use both in examples:

Example: interfaces = eth0 192.168.2.10/24 192.168.3.10/255.255.255.0

Example: interfaces = eth0, 192.168.2.10/24; 192.168.3.10/255.255.255.0

It might be a bug in the LuCI module. Please paste here the /etc/config/samba4 file.

Btw, what is wrong with samba listening on LAN interface only? I have several services listening on LAN interface only and still have no issues accessing them through the wireguard tunnel…

How to access through the wireguard tunnel without listening on the specific interface?

If I access like smb://192.168.1.1
connections open like 192.168.1.1 even though I start the vpn tunnel on the client.

I expect to connect like smb://10.0.10.1, but can’t connect.
So the connection will be opened like 10.0.10.1.

Do you have the correct routes established on your client? It looks like you are missing the route to the 192.168.1.0/24 through the VPN tunnel.

root@debian:~# ip route list
default via 192.168.1.1 dev wlxd03745571e49 proto dhcp metric 600
10.0.10.0/24 dev wg0 proto kernel scope link src 10.0.10.2
169.254.0.0/16 dev wlxd03745571e49 scope link metric 1000
192.168.1.0/24 dev wlxd03745571e49 proto kernel scope link src 192.168.1.132 metric 600

On the Debian machine it is like above (btw Debian is in the private lan, not public).

But when connecting from the public network I need to connect like smb://10.0.10.1.

Yes, tried, same error, it doesn’t allow multiple entries. I think it is a bug in LuCI.
Currently it seems the only way is to add multiple interfaces manually to the config file, but that way likely will not survive boots.

Edit:
Manually adding subnets to the conf file doesn’t work as expected and it causes samba to listen on all subnets+wan regardless of the values (except vpn subnet) :(

wg0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.0.10.1 P-t-P:10.0.10.1 Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MTU:1420 Metric:1

It seems it can’t listen on wg interfaces because it is not BROADCAST.

Tried this (/etc/samba/smb.conf)

interfaces = br-lan 10.0.10.0/24

and this

hosts allow = 192.168.1. 10.0.10.

still no luck

I use multiple interfaces over editing in /etc/config/samba4:

option interface 'lan vpn_turris'

This works perfectly for me.

1 Like

Is your vpn WireGuard or OpenVPN? I have Wireguard VPN.
I am trying to configure Samba to listen on Lan + Wireguard interface or the Wireguard VPN subnet.
Where does that vpn_turris come from? I don’t have such thing.

Btw none of the below works:
interfaces = 'br-lan 10.0.10.0/24'
or
interfaces = 'br-lan wg0' (this one actually crashes samba and doesn’t start, I created another topic for that)

10.0.10.0/24 is the wireguard subnet.
wg0 is the wireguard interface.

When I set it like
interfaces = 'br-lan 10.0.10.0/24'
it listens on all subnets+wan except 10.0.10.0/24, which is completely wrong.

Nov 30 16:44:37 ares nmbd[6630]:   *****
Nov 30 16:44:37 ares nmbd[6630]:   
Nov 30 16:44:37 ares nmbd[6630]:   Samba name server ARES is now a local master browser for workgroup WORKGROUP on subnet 10.111.222.1
Nov 30 16:44:37 ares nmbd[6630]:   
Nov 30 16:44:37 ares nmbd[6630]:   *****
Nov 30 16:44:37 ares nmbd[6630]: [2021/11/30 17:44:37.209808,  0] ../../source3/nmbd/nmbd_become_lmb.c:397(become_local_master_stage2)
Nov 30 16:44:37 ares nmbd[6630]:   *****
Nov 30 16:44:37 ares nmbd[6630]:   
Nov 30 16:44:37 ares nmbd[6630]:   Samba name server ARES is now a local master browser for workgroup WORKGROUP on subnet x.x.x.x (THIS IS WAN)
Nov 30 16:44:37 ares nmbd[6630]:   
Nov 30 16:44:37 ares nmbd[6630]:   *****
Nov 30 16:44:37 ares nmbd[6630]: [2021/11/30 17:44:37.210092,  0] ../../source3/nmbd/nmbd_become_lmb.c:397(become_local_master_stage2)
Nov 30 16:44:37 ares nmbd[6630]:   *****
Nov 30 16:44:37 ares nmbd[6630]:   
Nov 30 16:44:37 ares nmbd[6630]:   Samba name server ARES is now a local master browser for workgroup WORKGROUP on subnet 192.168.1.1
Nov 30 16:44:37 ares nmbd[6630]:   
Nov 30 16:44:37 ares nmbd[6630]:   *****

If you try to edit the file
/etc/config/samba4
and you enter

option interface 'lan wg0'

What will happen?

I wrote above, it crashes samba and doesn’t start. I created another topic for that.

Edit:
It listens on lan only, ignores wg0. Crash was actually from ‘br-lan wg0’

The problem is that I can’t configure samba to listen on the vpn subnet as well, besides lan.

But you could just listen on br-lan and allow routing between wg0 and br-lan. Then it does not need to listen on wireguard interface.

For lan maybe yes, but how will I connect to samba from the public network (internet)?

When I start vpn on my client from public network, belonging to the 10.0.10.0/24 subnet.

So to access samba I need to type smb://10.0.10.1/ right?
But that doesn’t connect(refused) because samba doesn’t listen on that subnet.

On the other hand other protocols work from public via vpn tunnel.
I can do
ssh root@10.0.10.1
or connect to Luci from browser like
https://10.0.10.1/

No, try smb://192.168.1.1
If I’m connected from another network, that’s how it works for me.

2 Likes
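
Added example, not part of any post in this thread: a Python check that parses an smb.conf interfaces value (space, comma or semicolon separated, as in the Samba examples quoted above) and compares it with the TCP listeners on the SMB ports, reporting sockets bound outside the intended networks and intended networks with no listener. The ss -ltn lines are a constructed sample, 203.0.113.7 is a placeholder for the WAN address, and the function names are hypothetical.

```python
import ipaddress
import re

SMB_PORTS = {139, 445}

def parse_interfaces(value):
    """Split an smb.conf 'interfaces' value into (interface names, IP networks)."""
    names, networks = [], []
    # Entries may be separated by whitespace, ',' or ';'.
    for token in re.findall(r"[^\s,;]+", value):
        try:
            # Handles both 192.168.2.10/24 and 192.168.3.10/255.255.255.0.
            networks.append(ipaddress.ip_interface(token).network)
        except ValueError:
            names.append(token)  # not an address: treat as an interface name
    return names, networks

def smb_listeners(ss_lines):
    """Extract local addresses of TCP listeners on the SMB ports from `ss -ltn` lines."""
    found = []
    for line in ss_lines:
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit() and int(port) in SMB_PORTS:
            found.append(addr.strip("[]"))
    return found

def audit(ss_lines, interfaces_value):
    """Compare actual SMB listeners with the networks named in 'interfaces'."""
    _, networks = parse_interfaces(interfaces_value)
    listeners = smb_listeners(ss_lines)
    # A wildcard bind is reachable on every interface, WAN included.
    wildcard = [a for a in listeners if a in ("0.0.0.0", "*", "::")]
    bound = [ipaddress.ip_address(a) for a in listeners if a not in wildcard]
    unexpected = sorted({str(ip) for ip in bound if not any(ip in n for n in networks)})
    missing = [str(n) for n in networks if not wildcard and not any(ip in n for ip in bound)]
    return {"wildcard": bool(wildcard), "unexpected": unexpected, "missing": missing}

# Constructed sample, not captured from a real router.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      50     192.168.1.1:445    0.0.0.0:*
LISTEN 0      50     192.168.1.1:139    0.0.0.0:*
LISTEN 0      50     203.0.113.7:445    0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
""".splitlines()

if __name__ == "__main__":
    print(audit(SAMPLE_SS, "192.168.1.1/24 10.0.10.1/24"))
```

Interface names such as br-lan or wg0 cannot be resolved from the config text alone, so the comparison uses only the address/mask entries; pass the interface addresses in that form when auditing a name-based configuration.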