Accessing samba file server on external subnet through router(s)

1

I have the current general setup:

Internet
|
modem
|
\--Router1 (10.0.0.1/16)
      |
      \--Client(s) (10.0.1-225.3-225)
      \--Router2 (198.168.1.1/24, 10.0.0.2)
            |
            \--Samba File Server1(198.168.1.2)
            \--Client_A (192.168.1.100)
            \--Router3 (192.168.2.1/24, 192.168.1.3)
                  |
                  \--Samba File Server2(198.168.2.2)
                  \--Client_B (192.168.2.100)
                  |
             <additionally I would like to continue this in the future>
                  |
                  \--Router4 (192.168.3.1/24, 192.168.2.3)
                        |
                        \--Samba File Server3(192.168.3.2)
                        \--Client(s)_C
                        \--Router5(192.168.etc.etc)

Additional Notes:

  • I'm a total nub to networking XD, I've been stuck on this for 2 weeks with no luck.
  • Samba 3.6.6 on Ubuntu Server all configured to use:
    • netmask/24(255.255.255.0),
    • gateway 192.168.X.1 (router's LAN IP),
    • network 192.168.X.0,
    • broadcast 192.168.X.255,
    • WIN server enabled and WORKGROUP1,2,etc.
  • Pinging:
    • I am able to ping all servers from nested subnets. eg. I can ping Server1 from Client_B,
    • I am not able to ping internal clients. eg. I can't ping Server2 or Client_B from Client_A (this is a security thing I want to keep if possible).
  • Samba Server works on same subnet: Server1 shows up on Client_A's Windows "network" list; Server2 shows up on Client_B's "network" list.
  • Each router has:
    • DHCP enabled and NAT enabled,
    • Default Routing tables for all routers,
    • No port forwards (I did try forwarding 137-139,445)
  • I do have internet access from nested subnets.

The PROBLEM: Server1(192.168.1.2) will not show up on Client_B's (192.168.2.100) Windows "network" list. How could I get Client_B to recognize Server1?

Client_B does recognize Server2. I have been changing the workgroup name to match server changes, but still Server1 will not show up on Client_B's "network" list.

If possible, what I would like to do is keep it so that the nested subnets can look out and recognize external subnet servers, but make it hard to look into the nested subnets. I'm also trying to keep it recursive so I just need to attach new routers and servers as I go with the same type of configuration.

When I get home tonight I'll try connecting directly using '\\192.168.X.2\stuff' method, and let you know. But I really would like it so people only need to change their workgroup name to access the servers.

Update Oct-17-2015: Typing the IP of Server1 (\\192.168.1.2) into Client_B's explorer window connects to Server1. Will next try Enry's idea to forward ports 137 and 139 individually to see if it will help Client_B see Server1 as part of "network."

flamingpope

Posted 2015-10-16T17:05:44.813

Reputation: 11

Thank you Steven for editing it! I'm sorry to have made you go through it and enter it all in. I'll make sure to learn to use syntax for future posts. – flamingpope – 2015-10-16T18:08:51.770

You have cascaded a pile of routers behind each other without understanding how routing works. There is no way this is going to work. – qasdfdsaq – 2015-10-16T19:16:34.637

Incidentally this question has been asked many times before, and answered many times before. – qasdfdsaq – 2015-10-16T19:17:49.080

Hi, qasdfdsaq. You're right, but I'm trying my best god dammit in my free time to get this set up and learn a little about routing. It took me two weeks just to set up Samba alone. There's just so much terminology (not knowing what terms to use in search) and the only helpful search result I got was to use "\\192.168.X.X" in the explorer window. Still the "\\192" answer doesn't suffice, I'm looking to make the setup stupid-proof so even I can't mess it up. More up-time less network maintenance. – flamingpope – 2015-10-17T05:07:54.897

Problem is your network is set up in a way you have to deliberately circumvent the way Windows is designed to work by default. You haven't explained any reason why. – qasdfdsaq – 2015-10-17T23:48:38.610

My purpose for the setup is to make it so that only people with access to the subnet can see/find the server. Basically to use the NAT as a security measure, and to have tiered access. This way people that have access have to be physically on a nested subnet before they even try entering in a password for the server - which to me made sense, as people physically at a location tend to have a reason or stick out. The Windows "network" requirement was mainly for Windows users. – flamingpope – 2015-10-18T00:27:59.563

Answers

1

Routers do not normally forward b-node broadcasts. NetBIOS over TCP/IP uses b-node broadcasts for name resolution and registration on your local LAN segment. If you want your router to forward b-node broadcasts, you must enable UDP forwarding on ports 137 and 138.

enry

Posted 2015-10-16T17:05:44.813

Reputation: 192

I just learned intro to nodes! Do you know of a good place where I can learn more about nodes and how to use them? The websites like Microsoft I find are too much terminology without much explaining or practical examples. – flamingpope – 2015-10-17T04:49:42.387

I'm not sure what to put into the IP address for the port forwarding. Should I be putting in the LAN client, LAN, 0.0.0.0, or external server's IP? My guess is I should be putting in the LAN IP, so it would be routed internally? Let me know if I got it right. – flamingpope – 2015-10-17T04:56:49.237

Just tried forwarding 137-139 UDP and UDP/TCP (both) to Client_B (192.168.2.100), network (192.168.2.0), and broadcast (192.168.2.255); with a power cycle in between and checking the Windows "network" on Client_B. Unfortunately none of the 6 configurations worked. Was still able to ping Server1 successfully for all 6. Would being in NAT mode affect this? – flamingpope – 2015-10-17T14:30:29.017

NAT is going to cause numerous headaches. Just use proper routing between the subnets and set simple firewall rules. – qasdfdsaq – 2015-10-20T14:05:26.337
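
The broadcast name query that enry's answer describes, as an added example that is not part of the original thread: it builds and parses the NBNS packet a b-node sends to UDP 137 and checks, with the addresses from the question, which hosts sit inside the sender's broadcast domain. The NetBIOS name `SERVER1` is an assumption; the /24 prefix comes from the question's notes.

```python
import ipaddress
import struct

NBNS_PORT = 137            # UDP port for the NetBIOS name service
FLAG_BROADCAST = 0x0010    # "B" bit in the NBNS header flags
FLAG_RD = 0x0100           # recursion desired, set on name queries

def encode_netbios_name(name, suffix=0x20):
    """RFC 1001 first-level encoding: pad to 15 chars, append the suffix byte
    (0x20 = file server service), then map each nibble to 'A' + nibble."""
    raw = name.upper().encode("ascii")[:15].ljust(15, b" ") + bytes([suffix])
    enc = bytes(b for c in raw for b in ((c >> 4) + 0x41, (c & 0x0F) + 0x41))
    return bytes([len(enc)]) + enc + b"\x00"   # length label, name, root label

def build_name_query(name, txid=0x1234):
    """Name query as a b-node sends it: one question, type NB, class IN."""
    header = struct.pack(">HHHHHH", txid, FLAG_RD | FLAG_BROADCAST, 1, 0, 0, 0)
    return header + encode_netbios_name(name) + struct.pack(">HH", 0x0020, 0x0001)

def parse_name_query(packet):
    """Decode the header and question name of a single-question NBNS query."""
    txid, flags, qdcount = struct.unpack(">HHH", packet[:6])
    if qdcount != 1 or len(packet) < 50 or packet[12] != 32:
        raise ValueError("not a single-question NBNS name query")
    enc = packet[13:45]
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41) for i in range(0, 32, 2))
    return {"txid": txid, "broadcast": bool(flags & FLAG_BROADCAST),
            "name": raw[:15].decode("ascii").rstrip(), "suffix": raw[15]}

def broadcast_destination(client_if):
    """Where the b-node query is sent: the client's own subnet broadcast address."""
    return str(ipaddress.ip_interface(client_if).network.broadcast_address), NBNS_PORT

def broadcast_reaches(client_if, server_ip):
    """Only hosts inside the client's subnet receive that broadcast."""
    return ipaddress.ip_address(server_ip) in ipaddress.ip_interface(client_if).network

if __name__ == "__main__":
    query = build_name_query("SERVER1")   # assumed NetBIOS name, not from the thread
    print(parse_name_query(query))
    for label, cif in (("Client_A", "192.168.1.100/24"), ("Client_B", "192.168.2.100/24")):
        print(label, "sends to", broadcast_destination(cif),
              "reaches Server1:", broadcast_reaches(cif, "192.168.1.2"))
```

Connecting by IP address, as the question's update reports, is unicast and gets routed, while the "network" list depends on this broadcast, which stays inside 192.168.2.0/24.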