[ previous ] [ next ] [ threads ]
 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] ipsec tunnel network neighborhood
 Date:  Fri, 29 Apr 2005 01:39:26 -0400
On 4/28/05, Neil Schneider <pacneil at linuxgeek dot net> wrote:
> Jason Brunk said:
> > I am working to get mono wall setup for a client of mine and his
> > branch
> > office.  So far the tunnel is working great, I have a wins server
> > running on
> > one side and every machine on both networks is registering with it.
> > Name
> > resolution works and everything pings fine.  But network neighborhood
> > browsing only shows machines on that side of the network.  Anyone know
> > why
> > the workstations wouldn't be showing the rest of the machines
> > registered in
> > wins?
> >
> Windows won't do cross-subnet browsing without a master browser on the
> subnet that knows about all the hosts on the other side. This probably
> should be in the FAQs if it isn't already. Network neighborhood uses
> broadcast packets and broadcast packets don't cross network
> boundaries.

This is going to become a FAQ, but I haven't yet had time to come up
with a definitive answer that I'm satisfied with.

Browsing should work without passing broadcasts, but Windows browsing
has always been flaky at best in my experience, especially across
subnets.  A master browser on the remote subnet should communicate
back to the PDC (or likely the PDC-emulator on a 2000/2003 AD network,
or which ever server is the browse master.  that's the PDC if
available in a NT 4 domain, so I'm assuming the DC holding the
PDC-emulator FSMO role in AD would pick up the same role - I could be
way off).  I don't believe WINS has anything to do with the browse
process in general, though it may have something to do with how the
remote subnet browse master contacts the other subnet's browse master.
 Network browsing is handled by the local subnet's browse master.

This MS KB article might help.  http://support.microsoft.com/kb/q188305/