MT2500 as NAS

I want to order the MT2500 exclusively for the purpose to share a USB drive into my home network via SMB, but as I have a rather limited knowledge of IP addresses, I am confused with both IP addresses with a slash and the fixed address

In my ISP router I want to specify for the MT2500 a fixed IP address - (linking the MT2500 own Mac address with the IP address) without any additional slashes. Will this work at all and if so, is there anything I need to do in the MT2500 as well?

I want everything else disabled.

Thank you

Hey there,

If you reserve a static address for your Brume on your upstream router, use the MAC address of your Brumes wan port. Then there is nothing more you need to do on the Brume. Just leave brume to automatically pickup its reservation.

Also, the slash you refer to im assuming you mean eg The slash is just cidr notation for the ip netmask. /24 for example means a netmask of This is typical of home networks.

Again, if you just leave Brume as automatic it will pick up the correct ip and netmask settings.

1 Like

also if the brume is connected via wan port, you’ll need to check the box ‘allow access samba from wan” in the network storage section in Brumes config page.

Alternatively if you want to disable most features and just use as file share, it might be easier to set Brume up in bridge mode. Which is found in network>network mode in config page.

Note after doing this you could connect brume with either lan or wan port to your primary router and would only be able to access it via the previously set reserved ip address (ie brume would no longer create its own local subnet in the address space on its lan port - it will bridge lan and wan)

1 Like

Thank you very much!

Thank you for the replies. Are there any easy ways to get to the Admin panel (typically without hooking up the LAN? That is, any easy way to use the WAN side as the admin since in this set up it has the WAN side same as the existing subnet as the router.

I find that half the built in applications disappeared once the bridge mode is enabled, including Zerotier and Tailscale for example.

To answer this part myself after a little browsing. The simple way is to use the Admin Panel- Applications-Dynamic DNS app which showed:
‘You can enable Dynamic DNS for this router and access this router remotely. There is a delay of up to 10 minutes in the sync of records between DNS servers. This may result in access via DDNS domains not being available immediately after you have just enabled or your public IP has changed. DDNS Test’

This is convenient and should work for from the existing subnet if there is no CGNAT involved - not really sure if it will work otherwise. The same probably applies to the GoogCloud application.

Alternatively you could create a wan—>lan port forward rule with port 80 to

Or if you intend on using Tailscale then you would already have access from other Tailscale. nodes.

I just noticed the ‘open ports on router feature’. Here you could specify port 80, then you should be able to get to brume easily using the ip address which is being assigned from your upstream router.

1 Like

Yep, this is the better solution, under Network-Firewall-Open ports… specify port 80. Then type in a browser the reserved static address for Brume as described in the earlier post and bypass the browser warnings and that’s it.

Thank you!

I’d advise against exposing samba over the Internet. Too risky. WireGuard to your router and access it as if you’re on the LAN. Alternatively, WebDAV is a better option over WAN.

1 Like

I second this, sharing SMB live on internet is asking for trouble.
Although I would say use wiregaurd over Webdav personally.

1 Like

Thank you both, I appreciate the advice. But I am not sure if this is exposing samba to the internet that way, but I am limited in my imagination when it comes to network topology :thinking:. The are no DMZs or port forwarding other than that port 80 for the WAN. The only routing this MT2500 is doing is SMB over the local subnet as network filesharing, behind the existing router that has a firewall protection and in some cases behind a CGNAT. If the Tailscale function is turned on with the MT2500 and the subnet routing is advertised in Tailscale, then SMB routing over the internet is protected by Tailscale authentication and Wireguard end to end encryption.

This set up seems to work okay, not the fastest NAS from a router/gateway, but it is not meant to replace a heavy duty NAS.

Any suggestion to test and improve speed and security of this set up is welcome.

USB SSD file share local subnet.


Routing SMB in a VPN tunnel (Tailscale in your case) should be fine.
Why do you have port 80 (http) forwarded? Is this on the main router?

Oh sorry, that wasn’t meant to say the main router was involved with port forwarding. It was just based on dwyeraidan’s suggestion that it could allow Admin panel to be opened from the wan side of the MT-2500 and it works as described so that there is no need to hook up anything on the LAN side of the MT-2500.

Don’t you have another upstream router performing NAT? That was my understanding from your first post.

In this case doing any of the suggestions would be okay because exposing services on Brumes WAN port is just exposing it to your LAN.

If you ever use Brume as your edge gateway then for sure don’t expose as suggested.