Simple subnet and file sharing

It doesn’t need to be statically assigned - you could use a DHCP reservation on the CISCO for the balance WAN IP, but if you add a static route to the CISCO to enable traffic to route back from the 192.168.1.0 network to the 192.168.11.0 network, then by its very nature the balance 20 wan IP can’t change otherwise the static route becomes invalid.

The other option is to use a routing protocol so that the Balance 20 automatically updates the CISCO when its IP changes. With RIP enabled on the WAN, the balance 20 could have a dynamic WAN IP as it would afvertise what Routes are available to the CISCO (and so the CISCO would know what its IP address is).

However potentially getting a static route and static IP (or DHCP reservation) configured will be less painful than ensuring the CISCO has RIP configured correctly… guess it depends on your deployments.

1 Like

Thanks for your information, you are helping us a lot

Our plan is to distribute many peplink balance 20, and our intent is to simplify installations as much as possible.

the project is very simple: create a subnet from the customer and install our server and our software.

We must avoid touching the customer’s LAN network.

I carefully read your explanation. We thought that setting up DHCP reservation on the customer’s cisco is not a great idea … we do not want to touch the customer’s network and routers.

let’s proceed with changing the WAN of the peplink balance20 in IPFORWARDING. Now let’s do a trial … thanks

Ah. Is it only ever a single server behind the Balance 20? If it is just a single device then you could potentially use IP Passthrough on the Balance. That would turn the balance into a transparent bridge so your server would get an IP of 192.168.1.x even though it is on the LAN of the Balance.

The thing I’m not sure about is if the balance 20 supports IP passthrough. I know the SOHO does…

1 Like

Thanks for the speed with which you answer

I made this:

Changed the WAN from Dynamic IP to Static IP

IP WAN Balance = 192.168.1.247 / 255.255.255.0 / 192.168.1.1 / 8.8.8.8 / 8.8.4.4

Later I moved from NAT to IP FORWARDING

Currently she interrupted me surfing on the LAN Balance20

Now I read … tell me to work on the cisco …

can I somehow avoid that phase?

because I would not like to touch the client’s device …

Sometimes our technicians on the other side find themselves different routers … tplink, netgear, cisco …: '(

Actually … our software currently has only one server

so … I would say yes …

i find that

discussion

but … I do not know if I’m able to set it up …

Seems the Balance 20 does not support IP Passthrough.

You either need a BR1 or a SOHO to be able to use IP passthrough on a wired WAN. If you used IP passthrough your Server would get the IP address assigned to the WAN of the peplink device from the CISCO network (192.168.1.x).

1 Like

Thanks for your answers

I understand that if I want to use my balance 20, to do what I want I have to intervene on the customer’s router, right?

Dear Martin,

I apologize for the delay but I was away for work

So, as per your instructions, we have done so:

  1. On the peplink we have set IP FORWARDING

see screenshot 01, named:

01-Screenshot01-From NAT to IP Forwarding

  1. As a LAN we have set Range 11.X

see screenshot 02, named:

02-Screenshot 02

So doing the computers in the 192.168.11.X network do not connect anymore to the internet!

Sifting on the web we also tried to insert rules (see screenshots 3 and 4, but nothing)

We just need to share a folder … and we would like to work with peplink

I dont know why…

I only include an image for post

I do not want to fill the post … the fourth image does not insert it

OK. I think we need to go back to the beginning on this and think it through.
This is my understanding and some assumptions (correct them as needed):

  1. You want to be able to quickly deploy a file server in any guest/foreign/unmanged network - independent of that networks administrator. (so you don’t want to need any assistance from the remote networks admins)
  2. I assume you are looking to use a Peplink Balance device to allow for easy remote access over PepVPN to the deployed servers - wherever they might be installed.
  3. An added benefit of using a balance (or even a MAX) is that you can add additional connectivity to allow for remote administration (ie USB dongles / dedicated DSL).
  4. You only plan to have a single server deployed per customer/end location.
  5. You don’t say what type of file server you are using so I will assume windows SMB/CIFS file shares.

So lets picture a scenario:

  • Customer Network is 192.168.1.0/24 with DHCP enabled.
  • Your balance has a LAN IP of 192.168.11.254 and is issuing DHCP addresses on 11.1 - 11.253
  • Your file server is a DHCP client and gets assigned the first available IP (192.168.11.1)
  • Your balance WAN is connected to the customer LAN and has been assigned the next available IP in the DHCP scope (for this example 192.168.1.16). It is set to use NAT (not IP forwarding)
  • you would then forward ports from your Balance WAN to the LAN IP of your server to allow the SMB shares to be accessed. To do this you forward ports 137-139 which are used for NetBios/Name Resolution (optional if you are prepared to use the WAN IP address of the balance instead of a server name eg \192.168.11.16\share_name) and port 445 for SMB itself.

That configuration would look like this:

The only issue you might have is if and when the WAN IP of the balance router changes.

What you really want is for the WAN IP to be statically assigned or at the very least for it to have a DHCP reservation on the customer network, as if it changes you would be relying on WINS to work over NAT (which I have never tried) if you want them to connect using a server name (ie \your-file-server-name\file-share).

Or you would need your customer to access it using the IP assigned to the WAN of the balance (\192.168.11.16\share_name) so when that changes your clients will need to change the IP also.

I guess the perfect way would be to get the customer to set a DHCP reservation and add a DNS entry to their router for it so that they could access it using a name.

1 Like

Thanks for the reply,

And thank you for the help you are giving us

Exactly. Our customers do not want us to put their hands on their network.

We will ask the client only 1 static ip to manage our peplink, this is fine.

Now I’ve done so:

Peplink WAN: 192.168.1.245 | 255.255.255.0 | 192.168.1.251 (251 = router)

Peplink LAN: 192.168.11.1 | 255.255.255.0 | Dhcp: 192.168.11.10 to 250

Customer’s Domain Server has ip: 192.168.1.253 (original network)

Our new Domain server has ip: 192.168.11.253 (new subnet)

Unfortunately, our new server sees the client’s server folders, but it’s not the opposite! The client’s server does not see our server!

We await news … I enclose screenshots

OK. So you talk about domains - I assume then that these are windows servers we’re talking about yes?
When you say they can’t see the folders, do you mean that if they type \\192.168.1.245\share_name they can’t browse to the server?

Can you currently route traffic over Pepvpn from where you are to the lan of the balance one? If so can you browse the shared folder from your location(using \\192.168.11.253\share_name)? Is there another device on your network you could test the share locally with to that same IP?

How do you want the customer to access your server? Whats the step by step process? Are they mapping a drive to it? Are they trying to browse over the network to it?

1 Like

****OK. So you talk about domains - I assume then that these are windows servers we’re talking about yes?

yes, they have shared folder with autentication

****When you say they can’t see the folders, do you mean that if they type \192.168.1.245\share_name they can’t browse to the server?

yes, exactly, with ip address or name of pc not access…

altready the ping not work…

****Can you currently route traffic over Pepvpn from where you are to the lan of the balance one?

I do not know how it’s done … maybe I did not understand

****If so can you browse the shared folder from your location(using \192.168.11.253\share_name)? Is there another device on your network you could test the share locally with to that same IP?

yes…in attached a screenshot…see the problem

****How do you want the customer to access your server? Whats the step by step process? Are they mapping a drive to it? Are they trying to browse over the network to it?

connection on the desktop like this: \192.168.1.253\original server folder

connection on the other desktop like this:\192.168.11.253\New server folder

Your second screenshot shows you trying to ping and access the file share of the 192.168.11.253 from a PC in the 192.168.1.x network. This will never work as you are using NAT so the 192.168.1.x network can not send traffic directly to the 192.168.11.x network…

When you are on the 192.168.1.x network, you access the server (192.168.11.253) by using the WAN IP of the Balance router (192.168.1.245 which is also in the 192.168.1.x network) NOT the IP of the server (in the 192.168.11.x network)…

1 Like

thank you very much for your answers

I’ve been away for work, now I’m back for this practice

our client wants us to see tomorrow because we are far behind

the problem is this simple sharing of the folder … we are desperate.

I noticed my mistake.

Now I tried with the wan ip. ping works but does not share folders

I attack everything … I also have the final situation of the client that I attach

Thank you

maybe I can not see the folders for a firewall problem?

If necessary, we disable all firewalls and all protections.

the important thing is that the folders are seen …

Thank you

It feels like a firewall issue. Question is which one the balance or the server.

Turn off the windows firewall on the new server - see if that fixes it - maybe it doesn’t like file share access from an IP in a different subnet.

Then if that doesn’t fix it change the port forwarding to 1:1 NAT on the balance so that all ports are forwarded.

Report back what happens.

1 Like

Thanks for the reply

I tried to disable both firewalls but nothing

Now I can not understand, come and do this:

Then if that doesn’t fix it change the port forwarding to 1:1 NAT on the balance so that all ports are forwarded.

Thanx