celzero / rethink-app

DNS over HTTPS / DNS over Tor / DNSCrypt client, WireGuard proxifier, firewall, and connection tracker for Android.
https://rethinkfirewall.com/
Apache License 2.0

MixPlorer SMB connection not possible #1159

Open Sagitee opened 11 months ago

Sagitee commented 11 months ago

Hi, I have recently discovered Rethink and I was positively surprised to find that it surpasses the powerful NetGuard, which I was using previously, in many aspects. Thank you for this nice and very effective app. I would like to mention the following issue. I have set up a MixPlorer file manager SMB server on each of two Android 13 LOS mobiles, which had been working fine while I used NetGuard. Rethink seems to block the server connection of MixPlorer (without showing any related blocking in the logs) and it allows the connection only when I set MixPlorer as excluded in the FW rules. In the logs only the client-side connections are shown, which are set as allowed and are properly allowed by Rethink.

Thank you.

ThreeDeeJay commented 11 months ago

I'm not sure the extent of unwanted consequences since I think it'd allow LAN access for all apps, but you could try enabling Configure > Network > Do not route Private IPs (experimental). IIRC I had to use a similar option with NetGuard to access SMB servers with MiXplorer. If that still doesn't work, you might have to whitelist the server IP for MiXplorer, just in case. I just wish we could allow LAN access on a per-app basis like with AFWall+, but maybe this is a limitation of using a VPN/non-root firewall.

Sagitee commented 11 months ago

Thank you for your response.

Your suggestion works but, as you mentioned, it allows unconditional (no logs, no rules application etc.) LAN access for all apps, which I think is less secure than setting MixPlorer as excluded temporarily in Rethink's FW settings.

maybe this is a limitation of using a VPN/non-root firewall

As I said it works fine with the non-root NetGuard (without one having to enable the (settings/network options/subnet routing/allow LAN access) option that you mentioned).

This FAQ https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq45 says: The Android VPN service handles outgoing connections only (from applications to the internet), so incoming connections are normally left alone.

If this is valid for Rethink too, it seems that in some way Rethink can intervene (not expected) in that traffic, as the isolate or exclude FW modes can block or allow it, but it cannot apply any defined IP whitelisting rule (something expected, as it's about an incoming connection).

ignoramous commented 11 months ago

I just wish we could allow LAN access on a per-app basis like with AFWall+, but maybe this is a limitation of using a VPN/non-root firewall.

You're correct. This isn't possible to do with the current Android VPN APIs.

Your suggestion works but as you mentioned it allows unconditional (no logs, no rules application etc.). LAN access for all apps, which i think is less secure than setting MixPlorer as excluded temporarily in the Rethink's FW settings.

Most apps don't usually initiate any connection to private IPs, so you're good either way (excluding MixPlorer or enabling Do not route Private IPs).

That said, the next version (v055b) has support for Multicast DNS (#1005), which some of the P2P / LAN apps like Syncthing / FritzBox (and MixPlorer?) require to discover services and devices on LAN. Maybe, if it works like I expect it to, you'd not have to exclude or unroute Private IPs.
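As an added illustration of why "Do not route Private IPs" is all-or-nothing (this is example code, not code from rethink-app or its tunnel): a VpnService-based firewall can only give the OS a list of routes for the tunnel, so excluding LAN traffic means computing every prefix that covers the address space except the private ranges. The route table belongs to the tunnel, not to an app, so the exemption necessarily applies to every app. The `PrivateV4` list and all function names are assumptions made for this example.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"net/netip"
)

// RFC 1918 ranges that "Do not route Private IPs" keeps off the tunnel
// (assumed list for this example; link-local 169.254.0.0/16 is left out on purpose).
var PrivateV4 = []netip.Prefix{
	netip.MustParsePrefix("10.0.0.0/8"),
	netip.MustParsePrefix("172.16.0.0/12"),
	netip.MustParsePrefix("192.168.0.0/16"),
}

// upperHalf returns the second child prefix of p (p with its next bit set).
func upperHalf(p netip.Prefix) netip.Prefix {
	b := p.Addr().As4()
	binary.BigEndian.PutUint32(b[:], binary.BigEndian.Uint32(b[:])|1<<(31-p.Bits()))
	return netip.PrefixFrom(netip.AddrFrom4(b), p.Bits()+1)
}

// RoutesExcluding covers `all` minus every prefix in `excluded` with the fewest aligned
// IPv4 prefixes: a prefix inside an exclusion is dropped, one that merely contains an
// exclusion is bisected, and anything else becomes a route for the tunnel.
func RoutesExcluding(all netip.Prefix, excluded []netip.Prefix) []netip.Prefix {
	var out []netip.Prefix
	var walk func(p netip.Prefix)
	walk = func(p netip.Prefix) {
		split := false
		for _, ex := range excluded {
			if ex.Bits() <= p.Bits() && ex.Contains(p.Addr()) {
				return // p lies entirely inside an excluded range
			}
			split = split || p.Contains(ex.Addr()) // aligned prefixes nest or are disjoint
		}
		if !split {
			out = append(out, p)
			return
		}
		walk(netip.PrefixFrom(p.Addr(), p.Bits()+1)) // lower half
		walk(upperHalf(p))                            // upper half
	}
	walk(all.Masked())
	return out
}

func main() {
	// Each printed prefix is what a VpnService-based firewall would pass to addRoute().
	for _, r := range RoutesExcluding(netip.MustParsePrefix("0.0.0.0/0"), PrivateV4) {
		fmt.Println(r)
	}
}
```

For the three RFC 1918 ranges this yields 31 routes; there is no way to express "route this app's LAN traffic but not that app's" in such a list.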

Sagitee commented 11 months ago

Thanks for the reply. I'm waiting for v055b.