 From:  Wynand Künkel <wynandk at eliance dot co dot za>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] ipsec tunnel network neighborhood
 Date:  Fri, 29 Apr 2005 10:08:05 +0200
WINS has everything to do with network browsing, does not directly talk to the browse masters (they
are there for a different reason) and yes, Network Neighbourhood used to be very flaky (sometimes
still is).  There is a difference in functionality and responsibilities between browse masters and
WINS servers.  A previous contributor wrote that broadcasts do not cross boundaries which is 100%
true.  Now bearing in mind that m0n0 (the excellent product that it is) is a good router, the
logical conclusion would be that broadcasts would not pass through m0n0.

In my experience master browsers only work if there is one subnet with one flat IP address
structure.  The moment you have subnets and routers you HAVE to get at least a WINS server.  Bear in
mind that WINS also used to be the primary way that Windows boxes communicated but has been
deprecated in favour of DNS.

Having said all that, the m0n0 server at my house serves the office DNS and WINS servers to my
local PCs and servers via DHCP and once my IPsec VPN tunnel is established, I am for all intents
and purposes "at my office".  I can communicate with my servers and PCs via NetBIOS name or FQDN.
However having been in the IP industry for a while, I have to say that I have an inherent distrust
in network neighbourhood and do not use it.  There is however no setting that I know of that you
have to set in m0n0 itself.

Can you provide a diagram of the setup?  Maybe I can be of assistance...



-----Original Message-----
From: Chris Buechler [mailto:cbuechler at gmail dot com] 
Sent: 29 April 2005 07:39
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] ipsec tunnel network neighborhood

On 4/28/05, Neil Schneider <pacneil at linuxgeek dot net> wrote:
> Jason Brunk said:
> > I am working to get m0n0wall set up for a client of mine and his 
> > branch office.  So far the tunnel is working great, I have a WINS 
> > server running on one side and every machine on both networks is 
> > registering with it.
> > Name resolution works and everything pings fine.  But network 
> > neighborhood browsing only shows machines on that side of the 
> > network.  Anyone know why the workstations wouldn't be showing the 
> > rest of the machines registered in WINS?
> >
> Windows won't do cross-subnet browsing without a master browser on the 
> subnet that knows about all the hosts on the other side. This probably 
> should be in the FAQs if it isn't already. Network neighborhood uses 
> broadcast packets and broadcast packets don't cross network 
> boundaries.

This is going to become a FAQ, but I haven't yet had time to come up with a definitive answer that
I'm satisfied with.

Browsing should work without passing broadcasts, but Windows browsing has always been flaky at best
in my experience, especially across subnets.  A master browser on the remote subnet should
communicate back to the PDC (or likely the PDC-emulator on a 2000/2003 AD network, or whichever
server is the browse master.  That's the PDC if available in an NT 4 domain, so I'm assuming the DC
holding the PDC-emulator FSMO role in AD would pick up the same role - I could be way off).  I don't
believe WINS has anything to do with the browse process in general, though it may have something to
do with how the remote subnet browse master contacts the other subnet's browse master.
Network browsing is handled by the local subnet's browse master.

This MS KB article might help.  http://support.microsoft.com/kb/q188305/

