Internal WINS Server



  • Dear All,

    Is it possible to install a WINS server inside pfSense 2.0? I have 4 LANs and I need to make them browsable.
    Sorry for my poor English.

    Thank you.



  • No. You don't need WINS for that anyway. That's a question better posed on a Microsoft board, or you'll find tons of info if you just Google cross-subnet browsing.


  • Rebel Alliance Global Moderator

    I don't believe he has a domain, and therefore a domain controller - so yeah a solution to allow for it would be a wins server.  Just run wins or samba (can act as wins) on one of the boxes on your network.  Does not have to be done on your router.

    To be honest it is a pretty useless feature in the first place, why do you feel you need to do this?



  • Thank you very much for every reply. I will create Samba on some Linux box and point to it via DHCP.


  • Rebel Alliance Global Moderator

    Still curious why you think you need this?  Browsing is pointless and a complete waste of time, rarely works the way it's supposed to even on 1 segment ;)  What, you don't know the names of your computers?  Are you just looking for a way to resolve NetBIOS names since you cannot broadcast for them across segments?

    I can understand resolving netbios names, browsing to the computers via workgroup names, etc.. I just don't get ;)

    You would be better off using dns to resolve your computer names, pfsense for sure can do that for you!



  • Thank you johnpoz. How do I make DNS resolve NetBIOS names? Thank you.


  • Rebel Alliance Global Moderator

    Well to be fair it's not really resolving the actual NetBIOS name, but it will resolve the FQDN, and your hostname 999/1000 times is the same as your NetBIOS name.  So for example my box p4-28g resolves as p4-28g.local.lan

    Under your dhcp server on your pfsense box

    check the "Enable registration of DHCP client names in DNS."

    If you set up a search domain of your domain, handed out in your DHCP scope, then all machines will search that domain for any host name you put in and return the FQDN.  So for example

    C:\>ping p4-28g

    Pinging p4-28g.local.lan [192.168.1.4] with 32 bytes of data:
    Reply from 192.168.1.4: bytes=32 time<1ms TTL=64
    Reply from 192.168.1.4: bytes=32 time<1ms TTL=64



  • Thank you johnpoz  for the good idea, I will test with your idea and let you know.



  • Dear johnpoz ,

    Your idea is very good and helpful for me, but now I can only ping hostname.domain; I cannot ping the hostname alone.
    What is the reason and the solution for this case?
    Thank you.



  • Basically you need WINS for simple UNC paths to work, e.g. \\pc1234\someshare; with only DNS it becomes \\pc1234.mydomain.com\someshare. WINS also prevents you accidentally giving two workstations the same name; DNS will allow it.
    A lot of the earlier Micro$oft services such as Exchange 2003, SQL200 and its free counterparts all expect WINS. Bloody awful protocol but Bill does so like proprietary protocols for vendor lock in.

    As has already been suggested a Samba 3 server will sort this for you. The DNS solution will not always work correctly if you use short UNC paths.


  • Rebel Alliance Global Moderator

    You need to set up your search domain, so that your machine will look in that domain.

    example

    C:\Windows\System32>ipconfig /all

    Windows IP Configuration

      Host Name . . . . . . . . . . . . : quad-w7
      Primary Dns Suffix  . . . . . . . : local.lan
      Node Type . . . . . . . . . . . . : Hybrid
      IP Routing Enabled. . . . . . . . : No
      WINS Proxy Enabled. . . . . . . . : No
      DNS Suffix Search List. . . . . . : local.lan

    I'm trying to understand this statement though; could you explain further? It makes no sense to me.

    "The DNS solution will not always work correctly if you use short UNC paths."



  • If you don't have a WINS server you will find that, however you set up your DNS, paths such as \\pc1234\someshare will fail some of the time and the only way to guarantee it works is to use \\pc1234.mydomain.com\someshare.

    It will allow things such as ping pc1234 as it just appends the listed search domains to the host name, although you will see traffic trying to find things like pc1234.com as it works its way down the list.


  • Rebel Alliance Global Moderator

    "you will see traffic trying to find things like pc1234.com as it works"

    That will only happen if pc1234 does not exist in your search domain, but since it does on your domain which would be the first search you would not see traffic for pc1234.com ;)

    And I don't agree that \\pc1234 would fail some of the time - either they would fail all of the time.. Why would they fail only part of the time?

    Just sniff your traffic to see what happens.. Any windows box over 2k would be able to use direct host smb, would it not - which is dns based.  So as long as you have a search string setup then you would find your boxes via dns and then connect to the share on 445

    So I disabled NetBIOS over TCP on my box; otherwise it would just broadcast for the names first, and since I'm currently only on one segment that would not be a valid test.

    So I turned it off, then cleared both the NetBIOS cache and DNS cache, fired up Wireshark and then ran \\p4-28g and it connects just fine.  From the sniff you clearly see the DNS resolution happen to the FQDN

    There are many ways to skin a cat, and sure running a wins server to allow for file sharing across segments for name resolution, but it is not the only way.

    http://support.microsoft.com/kb/204279
    Direct hosting of SMB over TCP/IP

    I am not saying that you might not still need to run or want to run WINS or some other NBNS, some legacy type software might still require it, etc.  But in general just because you have multiple segments does not mean you cannot just access \\computername - all that you need to work out is name resolution.

    You will notice my queries go over IPv6, but that's just because I am using IPv6 on that client so it likes IPv6 over IPv4, but as you see the returned address is an IPv4 address, since that client does not have IPv6 enabled.
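
The test described in the last post (short name resolved through the DNS suffix search list with NetBIOS out of the picture, then direct-hosted SMB on port 445) can be scripted. This is an added PowerShell example, not part of the original thread; `Test-ShortNameOverDns` is a hypothetical helper name, `p4-28g` is the host name used in the thread, and the DnsClient cmdlets are assumed to be available (Windows 8 / Server 2012 or later).

```powershell
# Added example, not from the thread. Test-ShortNameOverDns is a hypothetical helper.
function Test-ShortNameOverDns {
    param(
        [Parameter(Mandatory)] [string] $ShortName   # single-label name, e.g. 'p4-28g'
    )

    # Suffixes the client appends to a single-label name: the explicit search list
    # if one is configured, otherwise the primary and per-connection suffixes.
    $suffixes = @((Get-DnsClientGlobalSetting).SuffixSearchList | Where-Object { $_ })
    if ($suffixes.Count -eq 0) {
        $primary  = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().DomainName
        $perNic   = (Get-DnsClient).ConnectionSpecificSuffix
        $suffixes = @(@($primary) + @($perNic) | Where-Object { $_ } | Select-Object -Unique)
    }

    foreach ($suffix in $suffixes) {
        # Trailing dot: query exactly this FQDN, no further suffix appended.
        $fqdn = "$ShortName.$suffix."

        # -DnsOnly skips LLMNR and NetBIOS name resolution, so a hit here proves
        # the name was found in DNS and not by a broadcast on the local segment.
        $answer = Resolve-DnsName -Name $fqdn -Type A -DnsOnly -ErrorAction SilentlyContinue |
                  Where-Object { $_.Type -eq 'A' } |
                  Select-Object -First 1

        if ($answer) {
            # Direct-hosted SMB listens on TCP 445 (no NetBIOS session service on 139).
            $smb = Test-NetConnection -ComputerName $answer.IPAddress -Port 445 -WarningAction SilentlyContinue
            return [pscustomobject]@{
                SuffixesTried = $suffixes
                Fqdn          = $fqdn.TrimEnd('.')
                Address       = $answer.IPAddress
                Smb445Open    = $smb.TcpTestSucceeded
            }
        }
    }

    # Nothing resolved: the search list is empty or the host is not registered in DNS.
    [pscustomobject]@{ SuffixesTried = $suffixes; Fqdn = $null; Address = $null; Smb445Open = $false }
}

# Usage: Test-ShortNameOverDns -ShortName 'p4-28g'
```

An empty `SuffixesTried` in the result matches the symptom reported earlier in the thread, where only `hostname.domain` could be pinged and the bare host name could not.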



Locked