A client of mine has an RB750GL (6.29.1)
Uplinks are on ports 1 and 5
Ports 2, 3 and 4 are bridged:
ether2 Synology NAS (DS211)
ether4 VPN router (SDSL)
Unfortunately, for now, the VPN router is on the same subnet as the LAN
I want to protect the VPN link trafic and avoid unnecessary noise so I enabled, on Saturday evening, the bridge firewall and created a filter to block forwarding all trafic to the VPN router unless it is destined for the remote PMS server
[RB750GL] > interface bridge filter pr
Flags: X - disabled, I - invalid, D - dynamic
0 chain=forward action=drop out-interface=ether4 - Op\E9ra mac-protocol=ip
dst-address=!192.168.1.21/32 log=no log-prefix=""
This morning the users called me because they can't access their shares on the NAS
They can ping the NAS, they can even access the NAS WEB console but hey can't communicate via SMB with the NAS
SMB shares with other devices on the network e.g. other Windows workstation and servers work fine
I disabled the firewall on the bridge and all is back to normal
Why is the bridge filter blocking SMB commuinications on the LAN, i.e. between port 2 and port 3 ?