
I'm trying to wrap my mind around why this isn't working:

  1. Fileserver resides in a (virtual) network under a CloudStack VPC 10.1.1.0/24
  2. Client machine is on a Physical network (also the edge router) 192.168.1.0/24
  3. There are static routes set up between both subnets and pinging both machines works fine (as well as tracert)
  4. Windows firewall on the client machine is set to allow "any subnet" for File and Printer Sharing
  5. Can't find the file share via "\\FS" - invalid location
  6. Ping to "fs" works
  7. Nslookup "fs" also points to the right address
  8. VPC rules allow for Egress traffic from 10.1.1.0/24 and both Ingress+Egress from 192.168.1.0/24 (even tried swapping to full allow for both Ingress+Egress)
  9. Attempting to connect from the physical machine gives this error: "file and print sharing resource is online but isn't responding to connection attempts"
  10. Attempting to connect from a VM on the same physical network works fine
  11. IIS on the FS is accessible from all machines including the physical machines
  12. Same for RDP. Only file sharing is somehow blocked
  13. tcpdump of the 10.1.1.0/24 interface of the CloudStack router for port 445 shows that the inbound traffic from the physical machine is hitting the router but there is no outbound response. Confirms the error "file and print sharing resource is online but isn't responding to connection attempts".
  14. tcpdump shows outbound traffic from the FS to another VM on the same physical network and subnet as the physical machines but all the other physical machines don't get any reply when accessing "\\FS"
  15. Seems like file sharing is being blocked by something. There's some hidden setting somewhere that is causing the file server to discard SMB packets (no outbound traffic on router tcpdump) from outside the subnet. Any ideas where to look?
  16. I really wish I could use site-to-site VPN but it seems to be broken for ACS

Thanks in advance!

Joshua
  • So this traffic is traversing the public internet? – EEAA Aug 06 '16 at 13:03
  • No both networks run on separate hardware but are connected via the same edge router – Joshua Aug 08 '16 at 11:23
  • Well, in that case, start performing packet captures at various points in your network to identify where this traffic is getting blocked. – EEAA Aug 08 '16 at 20:16
  • I have. As I said in 13, the file server is discarding the packets upon receiving as there's no outbound traffic on the ACS router – Joshua Aug 10 '16 at 00:57
  • Here's a paste of the tcpdump ran on the file server with being the IP of the client and being the IP of the FS http://pastebin.com/GhjwFuxU – Joshua Aug 10 '16 at 07:15
  • Here's a paste of the tcpdump when using the VM that is on the same subnet as the client physical machine http://pastebin.com/6jTHBDvf – Joshua Aug 10 '16 at 07:21

0 Answers