 From:  Fred Wright <fw at well dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] NetBIOS Resolution over IPSEC/PPTP
 Date:  Sun, 27 Jun 2004 19:32:36 -0700 (PDT)
On Thu, 24 Jun 2004, Mitch (WebCob) wrote:
> I wonder if that doesn't exist already (nmbd from samba?) or if it couldn't
> be added as a configurable module - SMB Network Browse Master - not a samba
> server, but just the name browser functionality - configured to peer with
> selective vpn endpoints - would solve things wouldn't it?

Samba's nmbd is sufficient for WINS service but not browsing.  The latter
is based on SMB datagram service, which is provided by smbd, not
nmbd.  And even nmbd isn't exactly tiny.

On Sun, 27 Jun 2004, Mitch (WebCob) wrote:

> This is a problem with netbios broadcast packets not being passed over the
> VPN.
> There has been some discussion about a module for openvpn, which might help,
> and also running nmbd from samba on both sides of the link and configuring
> them to communicate somehow?

I don't see how the type of VPN would affect this, unless OpenVPN *also*
includes some extra stuff for NetBIOS over and above the VPN capability.

> Haven't seen a solution.
> Netgears and Linksys etc do it by allowing netbios broadcast packets.
> apparently this can't be done in freebsd.

Subnet broadcasts can only target one subnet, so routing them between two
subnets and having them appear as broadcasts on both is just plain wrong.  
It's legitimate to route a subnet broadcast *to* its destination subnet,
but it would appear as a link-level unicast in any earlier hops.  I do
recall something about FreeBSD's being unwilling to handle the latter
case, but I don't know if that can be changed by kernel option or by
sysctl.  I'd rather see them *not* blocked at that level, since one can
always block them in the filter if desired.

					Fred Wright
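
Added example, not part of the original message: a small Python model of the forwarding rule described above, where a subnet broadcast stays on its own subnet and a broadcast addressed to another subnet travels as unicast until the final hop. The topology, interface names and the block_directed switch are assumptions made for illustration.

```python
import ipaddress

# Constructed topology (all addresses and interface names are assumptions):
# this router has 192.168.1.0/24 on "lan" and reaches 192.168.2.0/24 via "vpn0".
# The routed prefix is assumed to match the remote subnet's real prefix length.
ATTACHED = {"lan": ipaddress.ip_network("192.168.1.0/24")}
ROUTED = {"vpn0": ipaddress.ip_network("192.168.2.0/24")}
LIMITED = ipaddress.ip_address("255.255.255.255")


def classify(dst, arrived_on, block_directed=False):
    """Describe how the router treats a packet to dst that arrived on arrived_on."""
    dst = ipaddress.ip_address(dst)
    if dst == LIMITED:
        return "limited broadcast: never leaves the link it was sent on"
    for ifname, net in ATTACHED.items():
        if dst == net.broadcast_address:
            if arrived_on == ifname:
                # What a NetBIOS name query from a LAN host looks like.
                return "local subnet broadcast: stays on " + ifname
            if block_directed:
                return "directed broadcast: dropped by filter rule"
            return "directed broadcast: final hop, link-level broadcast on " + ifname
        if dst in net:
            return "unicast: delivered on " + ifname
    for ifname, net in ROUTED.items():
        if dst == net.broadcast_address:
            # Not the destination subnet yet, so it travels like any unicast.
            return "directed broadcast: forwarded as link-level unicast via " + ifname
        if dst in net:
            return "unicast: forwarded via " + ifname
    return "no route"


if __name__ == "__main__":
    for dst, iface in [("192.168.1.255", "lan"), ("192.168.2.255", "lan"),
                       ("192.168.1.255", "vpn0"), ("255.255.255.255", "lan")]:
        print(dst, "from", iface, "->", classify(dst, iface))
```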