SMB Discovery across VLANs

This question has probably been asked so many different times, not always exclusive to SAMBA, but I would like to be able to discover SMB shares from other VLANs.

I have some SMB shares on my Rock64 that's running Debian 10 and OMV (Open Media Vault), and I'm planning to set up HomeAssistant and other applications with Docker. The Rock64 is currently on my Servers VLAN and I have several IoT devices (mostly SmartPlugs at the moment) and a couple of Google devices that are on my IoT VLAN.

At the moment I have some firewall traffic rules in place that allow my LAN VLAN to connect to the SMB shares on the Servers VLAN that my Rock64 is connected to.

config rule
	option src 'lan'
	option dest 'servers'
	option target 'ACCEPT'
	option dest_ip '192.168.8.121'
	option proto 'udp'
	option dest_port '137-138'
	option name 'Allow LAN SMB Access to OMV-Server 137-138'
	option enabled '1'

config rule
	option src 'lan'
	option dest 'servers'
	option target 'ACCEPT'
	option dest_ip '192.168.8.121'
	option proto 'tcp'
	option dest_port '139'
	option name 'Allow LAN SMB Access to OMV-Server 139'
	option enabled '1'

config rule
	option src 'lan'
	option dest 'servers'
	option target 'ACCEPT'
	option dest_ip '192.168.8.121'
	option proto 'tcp'
	option dest_port '445'
	option name 'Allow LAN SMB Access to OMV-Server 445'
	option enabled '1'

This allows me to connect to the SMB shares using the UNC path \\omv-server.lan\Public, for example, so I know inter-VLAN connectivity works at least. However, it would be nice for the server to show up in the Finder/File Explorer and other applications, on smartphones for example, that do a scan of some kind.

I have tried configuring igmpproxy and avahi to see if it would help broadcast traffic from one VLAN to another, but I don't have any luck.

/etc/config/igmpproxy

config igmpproxy
	option quickleave 1
#	option verbose [0-3](none, minimal[default], more, maximum)

config phyint
	option network servers
	option zone servers
	option direction upstream
	list altnet 0.0.0.0/0

config phyint
	option network lan
	option zone lan
	option direction downstream

/etc/avahi/avahi-daemon.conf

[server]
use-ipv4=yes
use-ipv6=yes
check-response-ttl=no
use-iff-running=no
allow-interfaces=br-lan,br-iot,br-servers
enable-dbus=yes

# [wide-area]
enable-wide-area=no

[publish]
publish-addresses=yes
publish-hinfo=yes
publish-workstation=no
publish-domain=yes

[reflector]
enable-reflector=yes
reflect-ipv=no

[rlimits]
#rlimit-as=
rlimit-core=0
rlimit-data=4194304
rlimit-fsize=0
rlimit-nofile=30
rlimit-stack=4194304
rlimit-nproc=3

Any ideas if this is possible?
