SMB over dedicate interface is not working right

[ssts100]

My TrueNAS have 2 interfaces on 2 subnets. One is dedicated to admin(GUI) and the other one is dedicated to SMB.
My computer is on the same subnet as the admin interface. When opening the SMB share, it feels laggy(takes a while to load). Creating a new folder will take 10-15 seconds. Copy file over will cause time out with error (lost connection to the server). If I add the admin interface IP to the SMB service and test from there, everything is fine.

TrueNAS Core 12

 

[millst]

I'd guess you're seeing something similar to this:

Multiple VLANs and Asymmetric Routing (how to avoid this issue)

I think this would best be explained with a sample scenario to make it make sense. TrueNAS is on 2 subnets LAN = 10.10.10.0/24 Management = 10.10.11.0/24 SMB shares need to be accessible on LAN, but WebGUI is disabled. However, a single IP on LAN needs to be able to connect to the web GUI...

www.truenas.com

 

[ChrisRJ]

From your rough description things work as expected. After all, if your client is connected to the admin LAN only, it should not be able to access SMB at all.

What is it you want to achieve with this configuration?

 

[ssts100]

From your rough description things work as expected. After all, if your client is connected to the admin LAN only, it should not be able to access SMB at all.

What is it you want to achieve with this configuration?

Just want to separate management and SMB traffic. Then use the firewall policy to handle the rest.

I know this is wrong, but I always feel like a package received on one interface should return back from the same one even if it is not the shortest route.

 

[ChrisRJ]

Just want to separate management and SMB traffic.

This would require you to either have two different PCs (one for management, one for regular work), or to change the network of the machine in question depending on what you are doing (which is impractical).

That kind of network separation is common in larger organizations. But they also have machines that, mostly for security reasons, are used exclusively for management purposes. Also, those machines are usually/hopefully in a physically secured location.

 

[Elliot Dierksen]

I know this is wrong, but I always feel like a package received on one interface should return back from the same one even if it is not the shortest route.

IP routing doesn't work that way. If the device routing between your networks is a firewall, I am surprised it works at all. Most firewalls will reset the connection if it only sees one side if it. Normal IP routing looks in its own routing table to determine the return path for a packet, regardless of the interface on which the packet was received. My question is why not run SMB on both interfaces if the management interface network is more secure? Is there a security policy you are trying to meet that says you can't run SMB on the management network?