Hi there,
I have the following scenario:
Mikrotik (Main router) [1.5.1.0/24] <---> Linksys (OpenWRT DumbAP) [1.5.1.100]
I use that DumbAP for connecting my personal devices directly to the Mk. I use Samba with them without problems.
My concern is, how to allow other routers in the same "1.5.1.0/24" net to see my Share?
I tried several recommendations but I am not able to find the link coupling for this to work.
Any ideas?
Can you precise what you mean by this?
Can another device, no router, see this device already?
–To make the devices be able to open the drive through VLC for example.
–Nobody else except devices connected to that DumbAP.
Well, that's not a consistent description. In a "dump" AP scenario, the AP and its client devices are all part of the main router's network, and therefore they can be accessed by the clients of they main router.
If you have a different subnet for the AP then that's not a dump AP; that's a router with an AP.
Edit: I must have missread that earlier! I somehow saw them as different networks!!!
The choice of whether you want a "dump AP" or a router +AP will depend on your requirements. But presuming that you have a good reason to want to have the AP make its own subnet quilt at the same time make the SMB share available to the main router's clients, then you need to forward that port on the firewall of the AP (well, the Router-AP).
Sorry I just noticed that, but it's the same concept. If you need VLC access, also from the WAN side, then you will need to forward whatever port VLC uses.
Well, the AP has assigned a static IP at the main router. That AP has no DHCP at all. So every device connected to it (wireless or not) goes directly to the main router.
I tried on firewall settings but not sure if I have do it as well at the Mikrotik firewall. I could figure it out.
You totally lost me here. The IPs you mentioned shows that the AP is on a different subnet.
Do you mind explaining if you are connecting its WAN port or one of the LAN port to the router?
No, you don't need to touch that. The firewall separates the LAN from the WAN. I understand that all your devices are at the LAN side of the main router, so you don't need and you shouldn't forward it open any ports on the main router's firewall.
This may exemplify.
It is not that the main router has assigned an IP to the dAP. I had that 10.50.10.100 space left for it.
It would really help if you elaborate and mention the whole story instead of leaving it up to us to connect the dots and guess what you don't explain.
Please explain the following
1- how your main router gets Internet.
2- LAN IP of your main router.
3- how your AP is connected to the main router? LAN-WAN or LAN-LAN?
4- LAN IP of the AP.
5- What other networking devices are connected to the network? Where and how?
The thing is that this last picture you have suggests that the AP is connected to the main router LAN-LAN, so Why are you assigning IPs on different network to them? This is a mystery.
It might possibly be best if you draw a diagram of the network labeling connection points and IPs. I know it might take some time, but it also take some time from people to reply to you, so please try to give as much details as possible.
1- how your main router gets Internet.
Docsis and receives a public IP.
2- LAN IP of your main router.
10.50.10.0/24
3- how your AP is connected to the main router? LAN-WAN or LAN-LAN?
By ethernet.
4- LAN IP of the AP.
The AP does not have a leased IP. I just left that space in blank in main router so other devices cannot use it an cause conflicts.
5- What other networking devices are connected to the network? Where and how?
Mainly OpenWRT routers by ethernet.
The thing is that this last picture you have suggests that the AP is connected to the main router LAN-LAN, so Why are you assigning IPs on different network to them? This is a mystery.
As I stated, to avoid that LAN IP be used for other devices. It's not being leased.
OK it seems I somehow missread the IPs earlier and thought they AP wasn't on the same subnet as the main router.
So now I infer the following from what you said. Please clarify if any assumption is wrong:
I am not sure what you mean. Probably that this IP is statically set on the AP, and that the DHCP range on the main router execludes that IP.
If my understanding is correct, then that should be fine. You probably should try to ping the AP from the other routers (well, switches) and see if that works.
If they can't ping each other then you may try eliminating the central switch and see if it's weekdays causing the problem.
- Only main router (probably 10.50.10.1) is actually functioning as a router.
Correct.
- 10.50.10.100, 10.50.10.101 and 10.50.10.102 are all working as switches/AP only. All connected by a LAN (not the WAN) port to the central switch.
.101 and .102 are normal routers connected by WAN from the central switch. Main router has assigned them their WAN IPs.
- You are not utilizing any VLANs on those devices.
Not really. I just assigned one VLAN for a segment of the ports of those routers but for internal LAN of themselves.
- The switch isn't a managed switch.
It is not.
I am not sure what you mean. Probably that this IP is statically set on the AP, and that the DHCP range on the main router execludes that IP.
It's just a static IP at the main router to save that IP.
If they can't ping each other then you may try eliminating the central switch and see if it's weekdays causing the problem.
I can PING them from the diagnostics page of OpenWRT.
So 101 and 102 can both ping 100, but their clinets can't?
10.50.10.101 and 10.50.10.102 can ping 10.50.10.100 from diagnostics. Also, their own clients can ping .100 too.
So I'm not sure what the problem is, then. What exactly doesn't work?
and you said earlier:
if it's the share, how are you trying to access it?
Presuming the folliwing:
Then the only other thing I can think of is that it's blocked by the firewall of the client. For example, if the network profile on the count for the other router network is set to public.
Your presumption is correct.
The firewall thing might be possible. The only thing is that looking into RouterOS firewall settings for this case is like looking a needle in a hay stack. I read something related to ports used by Samba but I am not a networking expert.
Not the router's OS. The PC OS.
The thing is that for the PCs, the AP is upstream, so the firewall shouldn't block them from accessing the AP or the share (access from the LAN side of allowed).
The opposite scenario, however, would be what you are talking about. If you had the share on 101 and you wanted to access it from the clients of the AP or the clients of 102, then that access attempt would be from the WAN side and the firewall would block it unless you forwarded that port to the LAN side.
So it could be the Windows firewall that's recognising the network as public and hence blocking file sharing.
If not, then maybe you should post the output of the folliwing commands for 100, 101, and 102. You may redact passwords, MAC adresses and public IPs. Please use the Preformatted Text tool </> to include the code:
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall