Netgate Discussion Forum

Routing and windows computer browsing

General pfSense Questions
  • G
    gommer
    last edited by Jan 8, 2006, 10:49 AM Jan 8, 2006, 10:39 AM

    Hi all,

    I'm a happy user of pfSense, using the latest 1.0 beta 1 on WRAP ( 3 interfaces plus atheros based WLAN).
    I'll first explain my current setup:

    WAN (ISP specific ADSL modem)       <-> pfsense (sis0 WAN interface)
    LAN1 (1Gb switch with 3 win PCs)      <-> pfSense (sis1 LAN interface)
    LAN2 (100Mb switch with 2 win PCs)  <-> pfSense (sis2 OPT1 interface)
    WLAN                                             <-> pfSense (ath0 OPT2 interface)

    Currently, all interfaces have different subnets (192.168.1.0/24, 192.168.2.0/24, …)
    This all runs fine with a few firewall rules, however, one important thing I need is blocked: NETBIOS broadcasts cannot get past the subnet boundaries, so computers on WLAN and LAN2 cannot 'see' computers on LAN1.

    My question is: how can this be circumvented, either by trying to route the NETBIOS broadcasts, or by changing my (logical) LAN and WLAN setup.

    The goal is to have maximum security on LAN1, and allowing easy traffic shaping with different queues on LAN1 and LAN2. (LAN1 is parents, LAN2 the kids, you get the feeling?) So any other configuration that suits my needs will do. The problem is that I'm no network wizard, so combining a single subnet on different interfaces with DHCP, while keeping the traffic shaping enabled on the physical interfaces, is somewhat hard to set up from scratch for me. I only found out about the NETBIOS blocking after this setup was configured.

    Any advice would be very welcome.

    Thanks in advance,
    Marc

    • C
      cmb
      last edited by Jan 8, 2006, 9:59 PM

      @gommer:

      This all runs fine with a few firewall rules, however, one important thing I need is blocked: NETBIOS broadcasts cannot get past the subnet boundaries, so computers on WLAN and LAN2 cannot 'see' computers on LAN1.

      My question is: how can this be circumvented, either by trying to route the NETBIOS broadcasts, or by changing my (logical) LAN and WLAN setup.

      That's the definition of a broadcast. They don't cross IP subnets.

      Actually fixing this is difficult at best - Windows browse lists can be difficult to keep working properly with a single subnet, much less multiple ones. And browsing across multiple subnets in a Windows-only network cannot function without a server.

      Your reasonable options are:

      1. Bridge the interfaces so they're all on the same subnet. You can still use filtering, but traffic shaping might be an issue (I don't know though, maybe somebody else can answer this part)
      2. Ignore the browse problems
      3. Attempt to fix the issue (good luck, expect to lose a lot of hair and/or gain a lot of gray hair on this one…)

      references:
      "In a Windows-only network, browsing cannot function across subnets unless a Windows NT/2000 PDC exists on the network."
      http://www.onlamp.com/pub/a/onlamp/excerpt/samba_chap7/index2.html
      http://www.cisco.com/warp/public/473/winnt_dg.htm
      http://www.comptechdoc.org/os/windows/ntwsguide/ntwsnfinding.html
      http://my.brandeis.edu/bboard/q-and-a-fetch-msg?msg_id=0003Yw
      http://www.google.com/search?q=windows+network+browsing+across+subnets

      • G
        gommer
        last edited by Jan 8, 2006, 10:53 PM

        @cmb:

        Your reasonable options are: …

        Oh well, I've already spent nearly a weekend on solving the issue on Windows' side. I'll be giving up soon. Ignoring the browse problem is not an option, however. It is for me, but not for the wife and kids ;).

        So, I'll be focussing on pfSense-side solutions. VLAN, bridging, how's that going to co-exist with traffic shaping?

        • C
          cmb
          last edited by Jan 9, 2006, 2:25 AM

          @gommer:

          Ignoring the browse problem is not an option, however. It is for me, but not for the wife and kids  ;).

          Might be more of one than you think. Sounds like you don't have many machines and they don't change often. You could just put a folder out on the desktop of each machine called "network computers" or something, and put a shortcut in that folder to each computer. That's a really easy and quick solution.

          • J
            jeroen234
            last edited by Jan 9, 2006, 5:44 PM Jan 9, 2006, 5:40 PM

            They can type the PC by hand in the Network Neighborhood:
            \\192.168.1.1
            \\192.168.2.1
            \\192.168.3.1

            etc. etc.
            Just an IP address with \\ in front of it will get you into the shared folders of that PC.

            • G
              gommer
              last edited by Jan 9, 2006, 9:21 PM

              Thanks for all suggestions guys.
              I solved it. Of course, I know about the possibilities of typing the IP address, but that's not an option for wife and kids.
              Anyway, I solved it by editing the hosts file on each machine. It still wouldn't work until I disabled the damned WinXP firewall on each machine. I wonder why M$ call windows user-friendly, aargh.
              I feel great, outwitting M$ for a change ;D

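The fix from the last post (hosts entries on each PC), with the XP firewall kept on and its File and Printer Sharing exception widened to the home subnets instead of being disabled. This is an added example, not part of the original thread; it assumes Windows XP SP2, and the host names and the .10 addresses are constructed. The two subnets are the ones named in the first post.

```batch
@echo off
rem Added example, not from the thread. Run as an administrator on each PC.
rem Host names and the .10 host addresses below are constructed samples.
setlocal
set HOSTS=%SystemRoot%\system32\drivers\etc\hosts

rem 1. Name resolution across subnets: one static entry per remote PC.
call :addhost 192.168.1.10 parents-pc
call :addhost 192.168.2.10 kids-pc

rem 2. Turn the firewall back on instead of leaving it disabled.
netsh firewall set opmode mode=enable

rem 3. Allow File and Printer Sharing only from the home subnets.
rem    XP SP2 scopes this exception to the local subnet by default, so
rem    traffic arriving from another pfSense interface is dropped until
rem    the scope is widened.
netsh firewall set service type=fileandprint mode=enable scope=custom addresses=192.168.1.0/255.255.255.0,192.168.2.0/255.255.255.0

rem 4. Print the resulting service exceptions for review.
netsh firewall show service
endlocal
goto :eof

:addhost
rem Append "IP name" only if the name is not already in the hosts file.
findstr /i /c:" %2" "%HOSTS%" >nul 2>&1
if errorlevel 1 >>"%HOSTS%" echo %1 %2
goto :eof
```

The pfSense rules between the interfaces still have to pass the same traffic; this only covers the per-machine side.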