Blocking workgroup discovery
in [Samba]
|
From: Gaiseric Vandal on 24 Jun 2010 08:10 I think, by the fundamental nature of how networking protocols work, that broadcasts do not pass through routers - although with a VPN it may be a little different. However, I have the same situation. A Windows server on the host network shows my "home" workgroup in the network neighborhood. However I can't see my home computer listed in it. If I know the ip of my home computer I can use "net use \\x.x.x.x" to get to shares on it. My VPN client (sonicwall) has a virtual network interface that gets an IP from the same class C range as the host network. From the perspective of the samba server, my home PC is on the local work network. The VPN configuration on the server includes an option "Enable Windows Networking (NetBIOS) Broadcast - disabled" - I am not sure if that means NBT (NetBios over TCP/IP) or the really old NetBEUI (remember Windows for Workgroups?) VPN Clients are not using WINS - I thought this would fix the issues but it didn't. The Samba server is not the WINS server but it is (or should be) the master browser. I don't know if this means that my host PC has registered with the browser on the samba server OR if broadcasts initiated by my host PC on the VPN virtual network interface are passing through the VPN. My local PC's Network Neighborhood only shows its own workgroup, not the corporate one or other VPN users. Maybe I can adjust my Windows firewall setting to block outgoing netbios. -----Original Message----- From: samba-bounces(a)lists.samba.org [mailto:samba-bounces(a)lists.samba.org] On Behalf Of Tjerk Jan Vonk Sent: Thursday, June 24, 2010 5:24 AM To: samba(a)lists.samba.org Subject: [Samba] Blocking workgroup discovery Hi all, At my work I`ve set up a VPN. When I connect to it, my colleagues see all the workgroups from my side of the VPN (I live on a campus with ~50 workgroups). Do you know how I block the workgroup discovery on through the VPN gateway? Is the broadcast done on a specific port? Is samba actively repeating the broadcast and their replies? Greetings Tjerk Jan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: tms3 on 24 Jun 2010 09:00 SNIP > > I don't know if this means that my host PC has registered with the > browser > on the samba server OR if broadcasts initiated by my host PC on the > VPN > virtual network interface are passing through the VPN. My local > PC's > Network Neighborhood only shows its own workgroup, not the corporate > one or > other VPN users. Maybe I can adjust my Windows firewall setting to > block > outgoing netbios. Block port 137 to VPN clients. > > > > > > > > > > > -----Original Message----- > From: samba-bounces(a)lists.samba.org > [mailto:samba-bounces(a)lists.samba.org] > On Behalf Of Tjerk Jan Vonk > Sent: Thursday, June 24, 2010 5:24 AM > To: samba(a)lists.samba.org > Subject: [Samba] Blocking workgroup discovery > > Hi all, > > At my work I`ve set up a VPN. When I connect to it, my colleagues see > all the workgroups from my side of the VPN (I live on a campus with > ~50 > workgroups). Do you know how I block the workgroup discovery on > through > the VPN gateway? Is the broadcast done on a specific port? Is samba > actively repeating the broadcast and their replies? > > Greetings > > Tjerk Jan > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
|
Pages: 1 Prev: [Samba] samba migration from PDC tdbsam to BDC tdbsam Next: [Samba] Samba PDC and big files |