Allow Access to Samba from WAN Issues

On my Brume 2 I have an SSD plugged in via USB and set up with Samba to expose the files outside my network. I am also running a WireGuard server on the Brume 2.

When connected to the WG server from my laptop client, I am able to access the Samba folder from the internal IP of \\192.168.8.1\Daniels Movie Archive

However, I want to access the Samba folder when NOT connected to the VPN. The instructions say to enable “allow access to Samba from WAN” then replace the internal IP with the public facing IP. I did this and am trying to connect to \\45.30.xxx.xx\Daniels Movie Archive however it still won’t connect unless I enable the VPN.

Am I misunderstanding what this setting is supposed to do or how to use it?

Never ever, repeat after me, never ever, use Samba without VPN via WAN.

It’s that dangerous that you can call it security suicide.

OK, you done scared me straight. How come? What is that setting for then?

Problem is I want to expose my Samba NAS to my Amazon Firestick. How am I supposed to do that without VPN, as there is no WG VPN for Firestick as far as I know?

Could be allowed via WAN in the event Brume2 is providing only VPN services. For this configuration, you would use the WAN port and would need to allow services like SSH and HTTP(s) from the WAN side. This would include SAMBA. It could also be that the devs were leaving security up to the user. But I concur, exposing SAMBA externally is a terrible idea. The protocol has had some significant security flaws over the years and it doesn’t really handle high latency very well (even over a VPN).

Latency hasn’t been an issue for me. I have an SSD movie archive connected to the Brume by USB 3. I’ve enabled Samba with username/password protection (no anonymous users).

Then from my girlfriend’s laptop in France, she is able to connect to WG VPN, then the Samba folder, and then stream the movies right into her VLC player. This is the goal, as I can share this folder with friends and family who can watch my movie collection.

The issue is if people want to stream directly to their smart TV or Firestick/Roku/Apple TV, etc. where there’s no way to connect to WG VPN. I want those devices to simply connect to the Samba folder (with username/password) so they can stream the movies.

I swear when I first set this up I was able to get it to work on my MX player on the Firestick, but now it’s not. I’m wondering if there’s another setting to allow this I’m missing.

It is very possible that the ISP is blocking access to that port because of the constant abuse of SMB/SAMBA. There are solutions that can do what you want to do, but they will require setting up a NAS or computer (Pi or other SBC work if you are particular about the source media). Jellyfin, Plex, Emby all come to mind. But I don’t think any will run well on the router platform.

Yep, media servers like Jellyfin are the way to go. Sharing Samba across the internet is just … dumb, to be honest. So don’t do it.

Can Jellyfin run on the Brume? That’s what I’m trying to get to work here, doesn’t have to be Samba. Just want to be able to access my movie SSD via the Brume since it’s connected by the USB port.

No, Jellyfin mostly requires better CPU and more RAM.
Samba is only for local filesharing.

You could send your friend / family another router so this router will establish a VPN tunnel to your router so the FireTV would be able to find it.

Or you can have a look into ZeroTier - maybe this is available for FireOS.