2 x Linksys BEFSX41 VPN -- Partial Functionality

Posted by Gerry Wheeler on February 27, 2006, 11:15 pm
I have a tunnel established between a pair of BEFSX41s (version 2, latest
firmware (1.59.2?)). Some communications through the tunnel work, and some
don't and I don't see any pattern. I'm using different subnets for the
internal addresses of the two LANs.

I can use VNC to connect to one of the remote computers using its LAN
address. That's good.

I can ping some, but not all, of the computers on the remote side. That's
bad. I can ping several Windows workstations (WinXP), but not a Linux
server. I know it responds to pings, because I tested it from a computer on
the remote side when I was connected with VNC. I'm not sure that Windows vs.
Linux has anything to do with it.

I can't make any Windows connections, such as connecting to a shared folder.
That's bad. I can't browse for any computers by name, and I can't see them
even if I use their IP address (e.g. 2.168.123.100). I have the
"Broadcast NetBIOS" flag checked on both routers, but regardless I would
think specifying the IP address would work.

This firmware is only about a month old, and seems MUCH better than previous
versions in all respects. I'm hesitant to blame it for any VPN problems --
there are lots of other reasons why VPN can fail.

Does anybody else have experience with a similar setup?
--
Gerry



Posted by Mike Drechsler - SPAM PROTECTE on February 28, 2006, 1:29 am
Gerry Wheeler wrote:
> I have a tunnel established between a pair of BEFSX41s (version 2, latest
> firmware (1.59.2?)). Some communications through the tunnel work, and some
> don't and I don't see any pattern. I'm using different subnets for the
> internal addresses of the two LANs.
>
> I can use VNC to connect to one of the remote computers using its LAN
> address. That's good.
>
> I can ping some, but not all, of the computers on the remote side. That's
> bad. I can ping several Windows workstations (WinXP), but not a Linux
> server. I know it responds to pings, because I tested it from a computer on
> the remote side when I was connected with VNC. I'm not sure that Windows vs.
> Linux has anything to do with it.
>
> I can't make any Windows connections, such as connecting to a shared folder.
> That's bad. I can't browse for any computers by name, and I can't see them
> even if I use their IP address (e.g. 2.168.123.100). I have the
> "Broadcast NetBIOS" flag checked on both routers, but regardless I would
> think specifying the IP address would work.
>
> This firmware is only about a month old, and seems MUCH better than previous
> versions in all respects. I'm hesitant to blame it for any VPN problems --
> there are lots of other reasons why VPN can fail.
>
> Does anybody else have experience with a similar setup?
> --
> Gerry

Here is a simple question. Did you look at the firewall settings on the
Windows machines? In Windows XP sp2 the default rules when you enable
file and print sharing still restrict connections to the scope of the
local subnet. Since VNC is not one of the built in application rules it
would be enabled with full internet wide permissions if you created it
with the default scope. If you have all the computers on an active
directory domain you should be able to globally modify the firewall
settings with group policy. The details of this are clearly beyond the
scope of this newsgroup but it's really easy to find the documentation
for the sp2 firewall on the Microsoft technet site in the sp2 deployment
section.
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/winxpsp2.mspx
or more specifically the firewall deployment document:
http://go.microsoft.com/fwlink/?LinkId=23277

I'm guessing that your Linux server may have similar protection. Many
distributions have a firewall enabled by default these days. Since the
remote side is not one of the local subnets on the box you will likely
need to add exceptions to the firewall rules manually.

As for the broadcast netbios thing. It's very hit or miss. You may be
able to get it to work if you have a Windows domain controller server
with WINS (Or the Linux box emulating a domain controller with WINS).
The computers on the remote network would want to use that server as
their WINS server so they can build a local browse list. The trick is
that only a domain controller will function to collect, merge, and
distribute a domain master browse list. I don't find the broadcast
netbios application layer gateway built into most routers to be very
reliable. Your tunnels will need to be up and running for 46 minutes
before I would expect anything to work when it comes to "network
neighborhood" netbios broadcasting functionality. It's just one of
those things. And no amount of lmhosts editing will make things work
unless you have the domain master browser functionality in either a
Linux server or Active directory server running WINS. If you can point
all the clients to the WINS server you don't need to mess with lmhosts
anyhow unless you happen to be trying to get win95 clients working for
some reason. Last, you should set up any DHCP server giving out the
address for the WINS server to also specify the Netbios option 46 node
type of 0x8, H, or Hybrid depending on the servers terminology.
For more info I suggest reading some of the information gathered
together here: http://unknownegg.org/tech/

--
WARNING! Email address has been altered for spam resistance.
Please remove the -deletethispart-. section before replying directly.
Mike Drechsler (mike-newsgroup@-deletethispart-.upcraft.com)
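
The scope change described in the reply above, as an added example that is not part of the original post: Windows XP SP2 `netsh firewall` commands that widen File and Printer Sharing to the remote VPN LAN only, and narrow a hand-made VNC exception to the same set. `REMOTE_LAN` is a placeholder subnet, and TCP 5900 (the VNC default port) and the exception name `VNC` are assumptions.

```bat
@echo off
rem Added example, not from the thread.
rem REMOTE_LAN is a placeholder: replace it with the subnet on the far side
rem of the tunnel, in address/mask form.
set REMOTE_LAN=10.0.2.0/255.255.255.0

rem Inspect the current exceptions and their scope before changing anything.
netsh firewall show service
netsh firewall show portopening

rem Default after enabling File and Printer Sharing: local subnet only, so
rem clients arriving through the tunnel from another subnet are dropped.
rem   netsh firewall set service type=FILEANDPRINT mode=ENABLE scope=SUBNET

rem Too broad: scope=ALL accepts SMB from any source address.
rem   netsh firewall set service type=FILEANDPRINT mode=ENABLE scope=ALL

rem Corrected: local subnet plus the remote VPN LAN, nothing else.
netsh firewall set service type=FILEANDPRINT mode=ENABLE scope=CUSTOM addresses=LocalSubnet,%REMOTE_LAN% profile=ALL

rem A manually created port exception defaults to scope=ALL, which is why
rem VNC worked across the tunnel. Narrow it to the same two networks.
rem Port 5900 and the name "VNC" are assumptions (VNC default port).
netsh firewall set portopening protocol=TCP port=5900 name=VNC mode=ENABLE scope=CUSTOM addresses=LocalSubnet,%REMOTE_LAN% profile=ALL

rem Confirm the resulting scope of both exceptions.
netsh firewall show service
netsh firewall show portopening
```

On domain-joined machines the same scope is set centrally through the Windows Firewall Group Policy settings covered in the deployment document linked in the reply.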

Posted by Gerry Wheeler on March 5, 2006, 10:56 pm

"Mike Drechsler - SPAM PROTECTED EMAIL"
> Here is a simple question. Did you look at the firewall settings on the
> Windows machines? In Windows XP sp2 the default rules when you enable
> file and print sharing still restrict connections to the scope of the
> local subnet.

Well, it turns out I had a couple of problems, and the XP firewall software
was one of them. Thanks for the tip.

(Another was not having the correct name of the shared folder. D'oh!)
--
Gerry


