Configuring an OpenWRT Router to Access a Samba Server from Android Devices

deepdarkfantasy · October 19, 2024, 3:31pm

Sorry in advance if my writing is not clear, because I am not an expert in this field.

I have 2 routers, 1 Linux box and 1 Android smartphone.

Router A:

Gateway: 192.168.100.1
Subnet: 192.168.100.0/24
OS: Non-OpenWRT
Internet sources
The router was loaned by my ISP

Router B:

Gateway: 192.168.254.1
Subnet: 192.168.254.0/24
OS: OpenWrt (OpenWrt SNAPSHOT r27454-d97dced259 / LuCI Master 24.262.77208~470bb2b)
Connect to router A via lan port #2 on router A
IP obtained from Router A's DHCP server: 192.168.100.100

Linux Box:

Connect to router A via lan port #1 on router A
IP obtained from Router A's DHCP server: 192.168.100.2
Running Samba Server with available ports 137, 138, 139 and 445 and no firewall settings that limit access.

Android Smartphone:

IP obtained from Router B's DHCP server: 192.168.254.10

The question is, how to configure Router B (OpenWrt) so that Android devices connected to Router B via WiFi can access the Samba Server automatically using the VLC Media Player application on Playstore? (without type the ip address manually)

brada4 · October 19, 2024, 4:12pm

100.1 is backup-nat by docsis. Power off provider router ant then connect only one next router, then power on provider one then other.
VLC includes support for obsolete CIFS1.0. It should be a challenge first you solve in local LAN.

psherman · October 19, 2024, 4:16pm

Define "automatically" here? Are you referring to via a domain name instead of an IP address?

dekeonus · October 19, 2024, 4:47pm

You would need the ISP router to be providing dns name service for the hosts it provides dhcp leases for:

i.e. Linux Box got an ipv4addr from router A.
Router A needs to add a hostname <-> ipv4addr mapping and provide that over dns.
It is possible the ISP's router (Router A) is only forwarding dns requests upstream. You would need to see if you can configure it (with dnsmasq or similar).
ALSO you need to make sure the Linux Box is sending it's hostname to the dhcp server. (unless you have a static lease assigned for Linux Box on Router A - but that static_lease-to-dns_name still needs to be published in Router A's dns cache)

deepdarkfantasy · October 20, 2024, 1:09am

Yes... kind of like that.

Previously, I successfully accessed the Samba server on the Linux box using VLC media player on Android by its IP address (192.168.100.2).

The router B's firewall settings are as follows:

config defaults
	option input 'DROP'
	option output 'ACCEPT'
	option forward 'DROP'
	option synflood_protect '1'
	option drop_invalid '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option family 'ipv4'
	list network 'lan'

config zone
	option name 'wan'
	option input 'DROP'
	option output 'ACCEPT'
	option forward 'DROP'
	option masq '1'
	option mtu_fix '1'
	option family 'ipv4'
	list network 'wan'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option family 'ipv4'
	option target 'ACCEPT'

config redirect
	option dest 'wan'
	option target 'DNAT'
	option name 'test'
	option family 'ipv4'
	option src 'lan'
	option src_dport '139'
	option dest_ip '192.168.100.2'
	option dest_port '139'

config redirect
	option dest 'wan'
	option target 'DNAT'
	option name 'test2'
	option family 'ipv4'
	option src 'lan'
	option src_dport '445'
	option dest_ip '192.168.100.2'
	option dest_port '445'

Now, I need to automatically detect the Samba domain when using VLC media player on Android.

The Linux box also has an Unbound DNS server configured, and the router B's DNS listens to the Linux box.

The router B's dhcp settings are as follow:

config dnsmasq
	option rebind_protection '0'
	option domain 'arpa'
	option expandhosts '1'
	option cachesize '0'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option localservice '0'
	option ednspacket_max '1232'
	option sequential_ip '1'
	option boguspriv '0'
	option nonegcache '1'
	option port '53'
	list interface 'lan'
	option dhcpleasemax '10'
	option max_cache_ttl '0'
	option dnsforwardmax '1500'
	option min_cache_ttl '0'
	option domainneeded '1'
	option authoritative '1'
	option noresolv '1'
	option strictorder '1'
	list server '192.168.100.2'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'

The router B's network settings are as follow:


config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'

config device
	option name 'br-lan'
	option type 'bridge'
	option ipv6 '0'
	list ports 'eth0.2'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option delegate '0'
	list ipaddr '192.168.254.1/24'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '3 6t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '4 6t'

config device
	option name 'eth0.2'
	option type '8021q'
	option ifname 'eth0'
	option vid '2'
	option ipv6 '0'

config device
	option name 'eth0'
	option ipv6 '0'

config device
	option name 'eth0.1'
	option type '8021q'
	option ifname 'eth0'
	option vid '1'
	option ipv6 '0'

config device
	option name 'phy1-ap0'
	option ipv6 '0'

config interface 'wan'
	option proto 'dhcp'
	option device 'eth0.1'
	option hostname '*'

And I want to tell that the router A's do not allow me to change DNS DHCP. The ISP locks the section to change DNS manually on its router.

By the way, the router A model name is HG8145V5 (GPON Modem+Router).

Update:
Actually, I can still use 1 LAN port available on router B and connect the Linux Box directly to that port to make setting up the Samba Server easier.

However, because router B is relatively low-end, I connected the Linux Box to router A using the 1st port on router A for the reason that router B can work faster.

Router model B is BL201. BL201 and BL100 have the same hardware. The difference is, the BL201 does not have a 4G modem and the BL100 does. So I used the BL100 firmware on a BL201 device. I hope that doesn't cause any problems.

psherman · October 20, 2024, 1:30am

If you're talking about true auto-discovery, typically that means that devices need to be on the same subnet.

You could try the avahi mdns repeater/reflector across the lan/wan boundary.

dekeonus · October 20, 2024, 6:22am

That's not possible: traditional (and depreciated - insecure protocol) network workgroup browsing relies on broadcast packets and so can only reach the connected subnet. Newer workgroup browsing is using WS-Discovery which is using multicast packets and also will only reach connected subnets.

However you could try adding to smb.conf on the Linux box

[global]
remote announce = ??.??.??.255

where ??.??.??.255 is the broadcast address of the lan the android device is connected to.
I doubt it will work, and you would need to configure the openwrt router (Router B) to accept forwarding those packets (ports 137/udp 138/udp). This is for the old netbios browsing protocol. I'm not sure there is a way to do this with WS-Discovery (which samba doesn't implement anyway).