[BillingsLUG] WAN to WAN help question

dan dandenson at gmail.com
Fri Jul 16 23:26:45 MDT 2010


in-line

On Fri, Jul 16, 2010 at 11:13 PM, Mike Berry <madeinmontana at bresnan.net> wrote:

>  Dan, thank you!!  That really helps getting it spelled out (I've never
> seen it written so well). I hope all that rattled off your head fast, so you
> didn't have to take a lot of time writing it.
>
>
>
I have had to solve this problem myself :) I'm also a giant nerd :)

> One last question: Jumping to the last line, “recommended option”: will
> that still work if I want to use static IPs and limit the networks with a
> limited number of IPs needed for workstations, printers, and necessary
> devices?
>
>
>
Sure. I have personally moved away from statically assigning anything, so I
always recommend DHCP.  I do put 'sticky' IP addresses on printers and other
utility devices.  I drop in an entry in DHCP for that MAC address so that it
still gets an IP via DHCP but gets the same one each time (and no other
device gets that IP either).  This is trivial in a Cisco, pfSense, Linux, or
Windows DHCP server and helps manage devices easily.

> Again, thank you very much!
>
> mb
>
>
>  ------------------------------
>
> *From:* billingslug-bounces at billingslug.org [mailto:
> billingslug-bounces at billingslug.org] *On Behalf Of *dan
> *Sent:* Friday, July 16, 2010 12:32
>
> *To:* Mailing list for the Billings Linux User Group
> *Subject:* Re: [BillingsLUG] WAN to WAN help question
>
>
>
> comments in-line
>
> On Fri, Jul 16, 2010 at 11:17 AM, Mike Berry <madeinmontana at bresnan.net>
> wrote:
>
> Hello all, thank you very much for the quick replies.
>
> The answers to Larry's questions are: no, they don’t share a broadcast
> domain, and the WAN is a VPN.
>
>
>
> I can set up WINS on the server. But
>
>
>
>  are you saying DON’T use VPN with those Cisco models
>
>  I'm saying that the Cisco aka Linksys models lack the ability to NAT
> NetBIOS.  Search for 'CBOS NetBIOS'.  If you move to a Cisco 8xx or 1xxx+
> router you get IOS, which CAN NAT NetBIOS.
>
> pfSense, Vyatta, Untangle, Linux with iptables, FreeBSD with pf, MikroTik
> can all route NetBIOS.
>
>
>
>  , instead use the pfSense or Vyatta with IPsec?
>
>  It's not the VPN type that is getting you, it's the OS of the router.  Just
> get a better router.
>
>
>
>  And, to clarify the “LMHOSTS file on each machine with every other
> machine”, (Add every other machine to *each* machine's host file)?
>
>   lmhosts file:
>
> c:\windows\system32\drivers\etc\lhhost.sam
>
>
>
> fill it just like a hosts file:
>
> 127.0.0.1   localhost
>
> 192.168.1.1 server1
>
> 192.168.0.5 fileserver2
>
>
>
> You would need to put this on each machine that needed to access another
> machine via the network neighborhood.  You need an entry for every machine.
>  This is essentially spoofing lanmanager lookups through netbios, working
> around the issue of netbios being poorly routable.  A WINS server is
> essentially a DNS server for LM data.
>
>
>
> NetBIOS = API to facilitate data exchange on a network, uses UDP and/or TCP
> (sometimes IPX) and broadcasts to local broadcast address.
>
> WINS = DNS for LANMANAGER Networks
>
> LMHOST = hosts file to override entries in WINS server (or replace WINS if
> you REALLY like manual host mappings.)
>
> NetBIOS clients (aka Windows machines) have some capabilities that behave
> kind of like AVAHI or Bonjour, where they can exchange data on the local
> subnet by broadcasting.  This is why you can use Network Neighborhood on
> local LANs, your computer broadcasts via NetBIOS and the other machines
> respond to the broadcast.  Because NetBIOS operates by broadcasting on the
> local subnet, it won't typically see or be seen by computers on another
> subnet.  If you have an appropriate router, you can NAT the broadcast
> between two subnets and the remote machines will respond to the broadcast to
> their router and in turn their response will be NAT'd back.  Your client
> will register in WINS *if* it is assigned a WINS server via DHCP or
> manually.  Have no delusions, this is a HACK.
>
>
>
> By using WINS, you can add a DNS type lookup where the client (Network
> Neighborhood) asks the WINS server over TCP for all other WINS clients,
> skipping the need to broadcast.  You can still have an issue here with NAT
> because even though your client knows where the WINS server is, if it is on
> another subnet your router will need to know how to NAT netbios so that you
> can communicate with the WINS server in the first place.
>
>
>
>
>
>
>
> Your best option, in my opinion, is to replace the routers with something
> that can NAT NetBIOS.  Install WINS on the server and set up DHCP to hand out
> the WINS server.
>
>
>
>
>
>
>
> Thanks again, it already makes better sense, but also confirms my thoughts
> on some hardware.
>
> mb
>
>
>   ------------------------------
>
> *From:* billingslug-bounces at billingslug.org [mailto:
> billingslug-bounces at billingslug.org] *On Behalf Of *dan
> *Sent:* Wednesday, July 14, 2010 19:51
> *To:* Mailing list for the Billings Linux User Group
> *Subject:* Re: [BillingsLUG] WAN to WAN help question
>
>
>
> I'm guessing you are using the RVS4000 as a VPN bridge also.  I would bet
> that device runs CBOS, which is a cut-down alternative to IOS and is unable
> to NAT NetBIOS.  NetBIOS is not happy with routing, which means that it won't
> work well if the two sites are on different subnets.
>
>
>
> Your options:
>
> 1) Replace the routers with something running a more advanced routing
> platform like a Cisco with IOS (Cisco 8xx, 18xx, 28xx), pfSense or Vyatta
> with IPsec tunnels.
>
> 2) Set up the W2003 server as a WINS server and push the WINS with DHCP.
>
> 3) LMHOSTS file on each machine with every other machine.  This is
> essentially the hosts file for NetBIOS.  You would need to statically assign
> IP addresses to each machine or at least use a sticky DHCP.
>
>
>
>
>
>
>
> On Wed, Jul 14, 2010 at 2:50 PM, Larry Dillon <dillon.larry at gmail.com>
> wrote:
>
> Usually, if you're having Windows network browsing problems, the
> solution is to set up a WINS server (and configure all of the clients
> to know about it, usually through DHCP), but I'm not sure about how
> the WAN environment might complicate this.
>
> It would help to know more details about how the two LAN's are
> configured.  Do they share a broadcast domain?
>
> Is the WAN a dedicated circuit or a VPN tunnel?
>
> On Wed, Jul 14, 2010 at 10:20 AM, Mike Berry <madeinmontana at bresnan.net>
> wrote:
> > Hoping this gets to everyone that can help?
> > It's been a long time since I have asked the Blgs LUG for any ideas, most
> > won't know me or remember, but:
> >
> > I recently inherited a VERY bad WAN to WAN network, Blgs to Bzmn.
> > XP, Vista, and Win7, most home versions, some Pro, with a dedicated
> > 2003 standard server (located in Bzmn).
> > Linksys RVS 4000 VPN Routers at each end.
> >
> > It is possible to connect to the server, install printers from each end,
> > Upload/download files, and run quickbooks from Blgs.
> >
> > Problem is, owner wants to SEE the workstations from both ends of the
> > NETWORK in NETWORK "hood" view,
> > And be able to print a topology map of the two networks, speed up the
> > network access time, and, especially quickbooks.
> >
> > I don't think the Linksys is the best answer after reading some of the
> > reviews and problems.
> >
> > Does anyone have any suggestions? If so, please call me, as I will not be
> > near email today:
> >
> > Mike Berry
> > 855.0584
> >
> > or email if that's all you can do, I will get it later.
> >
> > Much thanks to all!
> > mb
> >
> >
> > _______________________________________________
> > BillingsLUG mailing list
> > BillingsLUG at billingslug.org
> > http://lists.billingslug.org/mailman/listinfo/billingslug
> > http://www.billingslug.org group information
> >
>
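
The sticky-DHCP and LMHOSTS approaches in the thread both depend on every machine keeping one fixed name-to-IP mapping. The sketch below is an added example, not code from anyone in the thread: it checks one inventory for duplicate names, IPs and MACs and then emits both an LMHOSTS file and DHCP reservations from it. It assumes ISC dhcpd syntax for the reservations; the MAC addresses and the printer entry are constructed.

```python
import ipaddress
import re

# Constructed inventory: the first two names/IPs echo the thread's sample
# entries; the printer and all MAC addresses are made up for illustration.
INVENTORY = [
    ("server1", "192.168.1.1", "00:11:22:33:44:01"),
    ("fileserver2", "192.168.0.5", "00:11:22:33:44:02"),
    ("frontprinter", "192.168.0.20", "00:11:22:33:44:03"),
]

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")


def validate(inventory):
    """Return normalized (name, ip, mac) rows or raise ValueError."""
    seen = {"name": set(), "ip": set(), "mac": set()}
    rows = []
    for name, ip, mac in inventory:
        name, mac = name.lower(), mac.lower().replace("-", ":")
        ip = str(ipaddress.IPv4Address(ip))   # raises ValueError if malformed
        if not 1 <= len(name) <= 15:          # NetBIOS names: 15 chars max
            raise ValueError(f"{name}: NetBIOS name must be 1-15 characters")
        if not MAC_RE.match(mac):
            raise ValueError(f"{name}: bad MAC address {mac}")
        for kind, value in (("name", name), ("ip", ip), ("mac", mac)):
            if value in seen[kind]:           # two devices must never collide
                raise ValueError(f"duplicate {kind}: {value}")
            seen[kind].add(value)
        rows.append((name, ip, mac))
    return rows


def lmhosts_text(rows):
    """One 'IP name' line per machine, same layout as a hosts file."""
    return "".join(f"{ip}\t{name}\n" for name, ip, _ in rows)


def dhcpd_reservations(rows):
    """ISC dhcpd 'host' stanzas pinning each MAC to its address."""
    return "".join(
        f"host {name} {{\n  hardware ethernet {mac};\n  fixed-address {ip};\n}}\n"
        for name, ip, mac in rows
    )


if __name__ == "__main__":
    rows = validate(INVENTORY)
    print(lmhosts_text(rows))
    print(dhcpd_reservations(rows))
```

Generating both outputs from one validated list keeps the LMHOSTS entries and the DHCP reservations from drifting apart when a device is added or replaced.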