Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Routing and windows computer browsing

    Scheduled Pinned Locked Moved
    General pfSense Questions
    3
    6
    4.7k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      gommer
      last edited by

      Hi all,

      I'm a happy user of pfSense, using the latest 1.0 beta 1 on WRAP ( 3 interfaces plus atheros based WLAN).
      I'll first explain my current setup:

      WAN (ISP specific ADSL modem)       <-> pfsense (sis0 WAN interface)
      LAN1 (1Gb switch with 3 win PCs)      <-> pfSense (sis1 LAN interface)
      LAN2 (100Mb switch with 2 win PCs)  <-> pfSense (sis2 OPT1 interface)
      WLAN                                             <-> pfSense (ath0 OPT2 interface)

      Currently, all interfaces have different subnets (192.168.1.0/24, 192.168.2.0/ 24, …)
      This all runs fine with a few firewall rules, however, one important thing I need is blocked: NETBIOS broadcasts cannot get past the subnet boundaries, so computers on WLAN and LAN2 cannot 'see' computers on LAN1.

      My question is: how can this be circumvented, either by trying to route the NETBIOS broadcasts, or by changing my (logical) LAN and WLAN setup.

      The goal is to have maximum security on LAN1, and allowing easy traffic shaping with different queues on LAN1 and LAN2. (LAN1 is parents, LAN2 the kids, you get the feeling?) So any other configuration that suits my needs will do. The problem is that i'm no network wizard, so combining a single subnet on different interfaces with DHCP, while keeping the traffic shaping enabled on the physical  interfaces is somewhat hard to setup from scratch for me. I only found out about the NETBIOS blocking after this setup was configured.

      Any advice would be very welcome.

      Thanks in advance,
      Marc

      1 Reply Last reply Reply Quote 0
      • C
        cmb
        last edited by

        @gommer:

        This all runs fine with a few firewall rules, however, one important thing I need is blocked: NETBIOS broadcasts cannot get past the subnet boundaries, so computers on WLAN and LAN2 cannot 'see' computers on LAN1.

        My question is: how can this be circumvented, either by trying to route the NETBIOS broadcasts, or by changing my (logical) LAN and WLAN setup.

        that's the definition of a broadcast.  they don't cross IP subnets.

        actually fixing this is difficult at best - Windows browse lists can be difficult to keep working properly with a single subnet much less multiple ones.  And browsing across multiple subnets in a Windows-only network cannot function without a server.

        Your reasonable options are:

        1. Bridge the interfaces so they're all on the same subnet.  You can still use filtering, but traffic shaping might be an issue (I don't know though, maybe somebody else can answer this part)
        2. ignore the browse problems
        3. attempt to fix the issue (good luck, expect to lose a lot of hair and/or gain a lot of gray hair on this one…)

        references:
        "In a Windows-only network, browsing cannot function across subnets unless a Windows NT/2000 PDC exists on the network."
        http://www.onlamp.com/pub/a/onlamp/excerpt/samba_chap7/index2.html
        http://www.cisco.com/warp/public/473/winnt_dg.htm
        http://www.comptechdoc.org/os/windows/ntwsguide/ntwsnfinding.html
        http://my.brandeis.edu/bboard/q-and-a-fetch-msg?msg_id=0003Yw
        http://www.google.com/search?q=windows+network+browsing+across+subnets

        1 Reply Last reply Reply Quote 0
        • G
          gommer
          last edited by

          @cmb:

          Your reasonable options are: …

          Oh well, I've  already spend nearly a weekend on solving the issue on windows' side. I'll be giving up soon. Ignoring the browse problem is not an option, however. It is for me, but not for the wife and kids  ;).

          So, I'll be focussing on pfSense-side solutions. VLAN, bridging, how's that going to co-exist with traffic shaping?

          1 Reply Last reply Reply Quote 0
          • C
            cmb
            last edited by

            @gommer:

            Ignoring the browse problem is not an option, however. It is for me, but not for the wife and kids  ;).

            Might be more of one than you think.  Sounds like you don't have many machines and they don't change often.  You could just put a folder out on the desktop of each machine called "network computers" or something, and put a shortcut in that folder to each computer.  that's a really easy and quick solution.

            1 Reply Last reply Reply Quote 0
            • J
              jeroen234
              last edited by

              the can type the pc bij hand in the network neaberhood
              \192.168.1.1
              \192.168.2.1
              \192.168.3.1

              enz enz
              just a ipadress with \ infrond of it will get you in the shared folders of that pc

              1 Reply Last reply Reply Quote 0
              • G
                gommer
                last edited by

                Thanks for all suggestions guys.
                I solved it. Off course, I know about the possibilities of typing the IP address, but that's not an option for wife and kids.
                Anyway, I solved it by editing the hosts file on each machine. It still wouldn't work untill I disabled the damned WinXP firewall on each machine. I wonder why M$ call windows user-friendly, aargh.
                I feel great, outwhitting M$ for a change  ;D

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post