Shared storage on guest network

I have set up a guest WiFi network on my OpenWRT/LEDE router (a TP-Link Archer C7) using the method shown at https://wiki.openwrt.org/doc/recipes/guest-wlan-webinterface
I would like to be able to make some shared storage available to users on the guest LAN - perhaps a NAS, or a drive plugged into the USB on the router. Does anyone know if this is possible and can you give me some pointers on how to do it? Ideally the shared storage would also be available to the main LAN but this is not essential.
Thanks
Andy

I'm guessing you want to use samba to share the drive on the GUEST interface. There is documentation on how to set up samba at https://openwrt.org/docs/guide-user/services/nas/cifs.server

You'll need the proper kernel modules installed for USB storage and the file system, as well as having the storage mount on boot. With current releases, opkg install likely brings in the needed packages with

  • kmod-usb-storage
  • kmod-fs-xxxx (xxxx is file system of choice, matching the formatting of the USB device)
  • block-mount (to ease mounting of device at boot time)

You may wish to partition the USB device to have a "shared" partition as well as a "private" partition, both for separation of private data, as well as preventing a guest from filling up the entire device.

The "extroot" page on the wiki provides some information on how to set up UCI-driven "fstab" that will mount the device on boot. Regrettably, the "block-mount" page on the Wiki is quite a mess. The one "gotcha" I ran into is that you need to edit the output of block detect to enable the mount (option enabled '1' or remove the line entirely). You can also refer to the device by label with option label 'name-of-the-partition'

As something to consider, the Microsoft protocols used by samba are thought by some to be a security risk. Those risks should be balanced with the convenience it supplies to Windows, Mac, and other users.

Having an understanding of Samba will probably be helpful...

https://www.samba.org/samba/docs/using_samba/ch00.html

Thanks, both. I'm familiar with Samba - I run it on my Debian server, though I haven't tried running it on the router yet. It was how to make the storage available on the guest network I was unsure about. I'll have a look at the references you provided and see how I get on.

Dividing the storage into shared and private won't be necessary in my case as the storage is purely for the guest network - the private LAN uses storage on the Debian server.

Regarding Samba security - doesn't it rather depend which version of the SMB protocol is being used and which version of Samba is installed? I know that V1 of SMB is regarded as insecure and has been deprecated, but I think newer versions should be OK.

I've been busy but I've just returned to trying to get this set up. I've got the USB storage working on the router (with help) and I've got Samba installed and running, so I can access the storage from my main (private) LAN. However, I can't figure out how to make it accessible on the guest network. I realise that this is a slightly unusual thing to do, but I want this storage so that devices on the guest network can share files with devices on the private network without having direct access to the rest of the main network.
Can anyone give me some pointers? I set Samba up via LuCI, but I'm open to either a LuCI or command line based approach.
Thanks
Andy

First off, make sure that you have a very current version of the source, as there were recently announced patches to resolve vulnerabilities.

https://www.samba.org/samba/history/security.html

Once you have a current version, I'd start with reading the documentation on how to have samba "listen" on more than one interface. Sections talking about "bind interface" are likely the ones you'll need to configure.

https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html

Note also that netifd may not have created the wireless-related interfaces when nmbd and smbd are started. You may need hot-plug scripts to restart or reload them on network changes, such as creation (and possibly destruction) of wireless interfaces.
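One way to implement the hot-plug restart suggested in the last reply, as an added example that is not part of the original thread or of any OpenWrt package. The file name, the logical interface name `guest`, the device names in the comment and the init script path `/etc/init.d/samba` are assumptions to adjust to the actual setup.

```shell
#!/bin/sh
# Added example, not from the thread. Suggested location (assumed file name):
#   /etc/hotplug.d/iface/90-samba-guest
# netifd runs every script in /etc/hotplug.d/iface/ with ACTION (ifup, ifdown,
# ...) and INTERFACE (the logical name from /etc/config/network) set.
#
# smbd only serves the guest network if smb.conf lists it, for example:
#   interfaces = lo br-lan wlan0-1      (device names are assumptions)
#   bind interfaces only = yes

# Logical interfaces Samba should follow; "guest" is an assumed name.
SMB_IFACES="${SMB_IFACES:-lan guest}"
# Assumed init script path; adjust to the Samba package actually installed.
SMB_INIT="${SMB_INIT:-/etc/init.d/samba}"

# Succeeds (status 0) only for an up/down event on a listed interface.
smb_event_relevant() {
    ev_action="$1"
    ev_iface="$2"
    case "$ev_action" in
        ifup|ifdown) ;;
        *) return 1 ;;
    esac
    for ev_want in $SMB_IFACES; do
        if [ "$ev_want" = "$ev_iface" ]; then
            return 0
        fi
    done
    return 1
}

# Restart Samba for relevant events; ignore everything else quietly.
smb_handle_event() {
    smb_event_relevant "$1" "$2" || return 0
    [ -x "$SMB_INIT" ] || return 0
    logger -t samba-hotplug "$1 on $2: restarting Samba" 2>/dev/null || true
    "$SMB_INIT" restart
}

# Hotplug entry point: does nothing when run outside netifd (ACTION unset).
if [ -n "${ACTION:-}" ]; then
    smb_handle_event "$ACTION" "${INTERFACE:-}"
fi
```

Keeping `bind interfaces only = yes` with an explicit interface list means smbd answers only on the private LAN and the guest network, not on the WAN side.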