Hello
I want to order the MT2500 exclusively for the purpose to share a USB drive into my home network via SMB, but as I have a rather limited knowledge of IP addresses, I am confused with both IP addresses with a slash and the fixed address 192.168.8.1
In my ISP router I want to specify for the MT2500 a fixed IP address - 192.168.100.181 (linking the MT2500 own Mac address with the IP address) without any additional slashes. Will this work at all and if so, is there anything I need to do in the MT2500 as well?
If you reserve a static address for your Brume on your upstream router, use the MAC address of your Brumes wan port. Then there is nothing more you need to do on the Brume. Just leave brume to automatically pickup its reservation.
Also, the slash you refer to im assuming you mean eg 192.168.0.1/24. The slash is just cidr notation for the ip netmask. /24 for example means a netmask of 255.255.255.0. This is typical of home networks.
Again, if you just leave Brume as automatic it will pick up the correct ip and netmask settings.
also if the brume is connected via wan port, youâll need to check the box âallow access samba from wanâ in the network storage section in Brumes config page.
Alternatively if you want to disable most features and just use as file share, it might be easier to set Brume up in bridge mode. Which is found in network>network mode in config page.
Note after doing this you could connect brume with either lan or wan port to your primary router and would only be able to access it via the previously set reserved ip address (ie brume would no longer create its own local subnet in the 192.168.8.0 address space on its lan port - it will bridge lan and wan)
Thank you for the replies. Are there any easy ways to get to the Admin panel (typically 192.168.8.1) without hooking up the LAN? That is, any easy way to use the WAN side as the admin since in this set up it has the WAN side same as the existing subnet as the router.
I find that half the built in applications disappeared once the bridge mode is enabled, including Zerotier and Tailscale for example.
To answer this part myself after a little browsing. The simple way is to use the Admin Panel- Applications-Dynamic DNS app which showed:
âYou can enable Dynamic DNS for this router and access this router remotely. There is a delay of up to 10 minutes in the sync of records between DNS servers. This may result in access via DDNS domains not being available immediately after you have just enabled or your public IP has changed. DDNS Testâ
This is convenient and should work for from the existing subnet if there is no CGNAT involved - not really sure if it will work otherwise. The same probably applies to the GoogCloud application.
I just noticed the âopen ports on router featureâ. Here you could specify port 80, then you should be able to get to brume easily using the ip address which is being assigned from your upstream router.
Yep, this is the better solution, under Network-Firewall-Open ports⌠specify port 80. Then type in a browser the reserved static address for Brume as described in the earlier post and bypass the browser warnings and thatâs it.
Iâd advise against exposing samba over the Internet. Too risky. WireGuard to your router and access it as if youâre on the LAN. Alternatively, WebDAV is a better option over WAN.
Thank you both, I appreciate the advice. But I am not sure if this is exposing samba to the internet that way, but I am limited in my imagination when it comes to network topology . The are no DMZs or port forwarding other than that port 80 for the WAN. The only routing this MT2500 is doing is SMB over the local subnet as network filesharing, behind the existing router that has a firewall protection and in some cases behind a CGNAT. If the Tailscale function is turned on with the MT2500 and the subnet routing is advertised in Tailscale, then SMB routing over the internet is protected by Tailscale authentication and Wireguard end to end encryption.
This set up seems to work okay, not the fastest NAS from a router/gateway, but it is not meant to replace a heavy duty NAS.
Any suggestion to test and improve speed and security of this set up is welcome.
Oh sorry, that wasnât meant to say the main router was involved with port forwarding. It was just based on dwyeraidanâs suggestion that it could allow Admin panel to be opened from the wan side of the MT-2500 and it works as described so that there is no need to hook up anything on the LAN side of the MT-2500.
. The are no DMZs or port forwarding other than that port 80 for the WAN. The only routing this MT2500 is doing is SMB over the local subnet as network filesharing, behind the existing router that has a firewall protection and in some cases behind a CGNAT. If the Tailscale function is turned on with the MT2500 and the subnet routing is advertised in Tailscale, then SMB routing over the internet is protected by Tailscale authentication and Wireguard end to end encryption.
