DNS , NetBIOS , CIFS and PPTP
-
What node are the Windows clients in? If, say, in b-node, I don't believe they would use a WINS server even if one was set.
But yes, I would check the WINS server to see if its firewall would block WINS queries from remote networks.
I would probably sniff on your LAN interface of pfSense and make sure you're seeing the queries being sent to the WINS server. If you're not seeing them, and/or the answer, then troubleshoot from there. What are your firewall rules on your pfSense VPN interface?
-
Ok, so I checked the Windows machines and I cannot seem to find the broadcast node label.
This is all testing for something that I plan to implement in a secure environment, so maybe I should explain the requirements I need in the end.
I work for a company that uses special software to conduct research. The company employs people from locations across North America. The employees use VNC to connect to 1 of 10 desktop computers running this software, and it has been working this way for 2 years.
Obviously this is sub-optimal and has no scalability. We have since upgraded and now use a completely different network.
I am running a VM server (Proxmox) which has 40 Windows machines. This has not been put into production yet, but I plan to have it up within the next week. These machines change often; we are constantly installing new copies of software on new machines, and as such we require a better way to manage the systems available.
My choice was this:
I would have everyone working for the company connect using L2TP/IPsec or PPTP. I don't like PPTP because it is insecure, but it is built into Windows. I am not opposed to using OpenVPN; it just means I would have to help everyone install it.
If everyone connected to the network using VPN, it would remove the need to port forward 40-50 machines. Also, as I said, these machines are changing often, so this would be difficult to manage.
What I want to do is have people connect using a VPN and, once connected, have a list of computers on their network to choose from. In Windows you have the option to "Connect Using Remote Desktop" when right-clicking on a network computer. This is perfect.
Is there a way to set this up using OpenVPN? I was able to set it up using L2TP/IPsec with Zentyal but had some minor issues, and I would also much rather use pfSense.
Please let me know if you have any ideas on possibly a better setup, or how to set up OpenVPN to resolve hostnames in Windows WITHOUT the need to change settings on the client side.
-
And what node are you in, H or M? You don't want to be in broadcast.
Post up an ipconfig /all. What about just plain DNS to resolve names?
-
This is the L2TP/IPsec connection. I presume it is nearly identical in setup to PPTP.
Windows IP Configuration

Host Name . . . . . . . . . . . . : JAKETEST-PC
Primary Dns Suffix . . . . . . . : zentyal-domain.lan
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : zentyal-domain.lan

PPP adapter VPN Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VPN Connection
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.10.55(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : 192.168.10.1
Primary WINS Server . . . . . . . : 192.168.10.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) WiFi Link 5100 AGN
Physical Address. . . . . . . . . : 00-24-D6-07-FA-9A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a1c6:9f6:57e5:265d%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.12(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, December 21, 2013 6:47:37 PM
Lease Expires . . . . . . . . . . : Wednesday, December 25, 2013 8:08:45 AM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 184558806
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-26-28-49-00-25-64-5B-*****
DNS Servers . . . . . . . . . . . : 192.168.2.1
                                    192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Keep in mind this is from Zentyal. I do not want to use Zentyal; it is not nearly as good for me as pfSense. Please advise what I can do from here.
Thanks again for all your help!
-
Also, when I am doing this with pfSense using OpenVPN, I select p-node in the config on pfSense.
Right now I have 3 machines with firewall distros on them, swapping in and out doing testing. If you need me to set up pfSense I will.
Is my broadcast network 255.255.255.255 supposed to be /24?
Also, I am an idiot. I now see my node type is hybrid. How do I change this?
When I use NET VIEW /MACHINEID it resolves.
-
That is fine; hybrid checks if a WINS server is listed, and if not, or there is no answer, then it broadcasts. That works for you.
So again I am going to ask you: can the client ping the 192.168.10.1 box that is your WINS and your DNS? Can he query it? Do a simple nslookup or dig to it. For WINS, here is a command-line tool to verify queries work:
http://support.microsoft.com/Default.aspx?kbid=830578
-
The link you posted does not work.
I looked up the WINS commands and they don't seem to work in Windows 7. I typed the following:
1.) netsh>
2.) wins
This gave me:
3.) netsh winsock>
The syntax for this is: server \ServerName or server \ServerIP
I tried both and they did not work for me.
nslookup did resolve every computer on the network.
I have no idea what the issue is. There are 10 computers and I used nslookup on all of them and they come back with COMPUTERNAME.zentyal-domain.lan. That much is working.
I also cannot ping the machines, only the server at 192.168.10.1, and machines on the end point side cannot resolve the VPN client via nslookup.
-
They didn't work for you local or remote? The nblookup tool works just fine on Windows 7.
Here is an example: I fired up WINS on my 2k8r2 VM and set my box to use it as WINS, and it registered itself. See in the picture the records under the WINS tool. Then I can query them via the command-line tool nblookup.
I don't believe Windows 7 has WINS features in netsh; Server does.
-
Recursion is on
Querying WINS Server: 192.168.10.1
NetBIOS Name: zentyal
Suffix: 20
Name returned: ZENTYAL
Record type: Unique
IP Address: 192.168.10.1
Record type: Unique
IP Address: 192.168.5.1
Record type: Unique
IP Address: 142.176.59.204
Record type: Unique
IP Address: 10.0.5.1

I can't nblookup any computers by name other than my WINS server from my remote computer.
nslookup on the remote side works, but it cannot find that computer on the local network using the same commands from local machines.
-
Windows 7 machines block pings from computers not on the same subnet as them; try disabling your firewall to see if this is the cause. Also make sure that your firewall is set to Home or Work. If you have a machine that you can put Windows Server 2003 and up on, you can set up DNS and then have the DNS server look to WINS for host name resolving. Not sure about the various Linux flavors if this is possible.
-
disable my firewall on the Windows machines or disable my physical firewall?
-
I am not having any issues pinging, just NetBIOS. I joined all computers to the Work network and disabled the firewall. No change.
-
../source3/nmbd/nmbd_sendannounce.c:170(send_local_master_announcement)
send_local_master_announcement: type 849b0b for name ZENTYAL on subnet 192.168.10.1 for workgroup ZENTYAL-DOMAIN
[2013/12/23 02:08:45, 3] ../source3/nmbd/nmbd_sendannounce.c:189(send_workgroup_announcement)
send_workgroup_announcement: on subnet 192.168.10.1 for workgroup ZENTYAL-DOMAIN
[2013/12/23 02:08:45, 3] ../source3/nmbd/nmbd_sendannounce.c:170(send_local_master_announcement)
send_local_master_announcement: type 849b0b for name ZENTYAL on subnet 10.0.5.1 for workgroup ZENTYAL-DOMAIN
[2013/12/23 02:08:45, 3] ../source3/nmbd/nmbd_sendannounce.c:189(send_workgroup_announcement)
send_workgroup_announcement: on subnet 10.0.5.1 for workgroup ZENTYAL-DOMAIN
[2013/12/23 02:08:46, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
process_name_query_request: Name query from 192.168.10.3 on subnet 192.168.10.1 for name PROSPERIDENT<1c>
[2013/12/23 02:08:47, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
process_name_query_request: Name query from 192.168.10.3 on subnet 192.168.10.1 for name PROSPERIDENT<1c>
[2013/12/23 02:08:48, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
process_name_query_request: Name query from 192.168.10.3 on subnet 192.168.10.1 for name PROSPERIDENT<1c>
[2013/12/23 02:08:48, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
process_name_query_request: Name query from 192.168.10.3 on subnet 192.168.10.1 for name PROSPERIDENT<1c>
[2013/12/23 02:08:49, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
process_name_query_request: Name query from 192.168.10.3 on subnet 192.168.10.1 for name PROSPERIDENT<1c>
[2013/12/23 02:08:50, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
process_name_query_request: Name query from 192.168.10.3 on subnet 192.168.10.1 for name PROSPERIDENT<1c>
[2013/12/23 02:08:51, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
process_name_query_request: Name query from 192.168.10.3 on subnet 192.168.10.1 for name PROSPERIDENT<1c>
[2013/12/23 02:08:51, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
process_name_query_request: Name query from 192.168.10.3 on subnet 192.168.10.1 for name PROSPERIDENT<1c>
[2013/12/23 02:08:52, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
process_name_query_request: Name query from 192.168.10.3 on subnet 192.168.10.1 for name PROSPERIDENT<1c>
[2013/12/23 02:08:53, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
process_name_query_request: Name query from 192.168.10.22 on subnet UNICAST_SUBNET for name WOLFDENT<20>
[2013/12/23 02:08:53, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
process_name_query_request: Name query from 192.168.10.3 on subnet 192.168.10.1 for name PROSPERIDENT<1c>
[2013/12/23 02:08:54, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
process_name_query_request: Name query from 192.168.10.22 on subnet UNICAST_SUBNET for name WOLFDENT<20>
[2013/12/23 02:08:56, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
process_name_query_request: Name query from 192.168.10.22 on subnet UNICAST_SUBNET for name WOLFDENT<20>
[2013/12/23 02:08:57, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WOLFDENT<20>
[2013/12/23 02:08:58, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WOLFDENT<20>
[2013/12/23 02:08:59, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WOLFDENT<20>
[2013/12/23 02:09:00, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WOLFDENT<20>
[2013/12/23 02:09:00, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WOLFDENT<20>
[2013/12/23 02:09:01, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WOLFDENT<20>
[2013/12/23 02:09:53, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
process_name_query_request: Name query from 192.168.10.22 on subnet UNICAST_SUBNET for name WOLFDENT<20>
[2013/12/23 02:09:54, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
process_name_query_request: Name query from 192.168.10.22 on subnet UNICAST_SUBNET for name WOLFDENT<20>
[2013/12/23 02:09:56, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
process_name_query_request: Name query from 192.168.10.22 on subnet UNICAST_SUBNET for name WOLFDENT<20>
[2013/12/23 02:09:57, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WOLFDENT<20>
[2013/12/23 02:09:58, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WOLFDENT<20>
[2013/12/23 02:09:59, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WOLFDENT<20>
[2013/12/23 02:10:00, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WOLFDENT<20>
[2013/12/23 02:10:00, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WOLFDENT<20>
[2013/12/23 02:10:01, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WOLFDENT<20>
[2013/12/23 02:10:21, 0] ../source3/nmbd/nmbd_incomingrequests.c:172(process_name_refresh_request)
process_name_refresh_request: unicast name registration request received for name JAKETEST-PC<20> from IP 192.168.10.55 on subnet UNICAST_SUBNET.
[2013/12/23 02:10:21, 0] ../source3/nmbd/nmbd_incomingrequests.c:173(process_name_refresh_request)
Error - should be sent to WINS server
[2013/12/23 02:10:21, 0] ../source3/nmbd/nmbd_incomingrequests.c:172(process_name_refresh_request)
process_name_refresh_request: unicast name registration request received for name JAKETEST-PC<00> from IP 192.168.10.55 on subnet UNICAST_SUBNET.
[2013/12/23 02:10:21, 0] ../source3/nmbd/nmbd_incomingrequests.c:173(process_name_refresh_request)
Error - should be sent to WINS server
[2013/12/23 02:10:21, 0] ../source3/nmbd/nmbd_incomingrequests.c:172(process_name_refresh_request)
process_name_refresh_request: unicast name registration request received for name WORKGROUP<00> from IP 192.168.10.55 on subnet UNICAST_SUBNET.
[2013/12/23 02:10:21, 0] ../source3/nmbd/nmbd_incomingrequests.c:173(process_name_refresh_request)
Error - should be sent to WINS server
[2013/12/23 02:10:53, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
process_name_query_request: Name query from 192.168.10.22 on subnet UNICAST_SUBNET for name WOLFDENT<20>
[2013/12/23 02:10:54, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
process_name_query_request: Name query from 192.168.10.22 on subnet UNICAST_SUBNET for name WOLFDENT<20>
[2013/12/23 02:10:56, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
process_name_query_request: Name query from 192.168.10.22 on subnet UNICAST_SUBNET for name WOLFDENT<20>
[2013/12/23 02:10:57, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WOLFDENT<20>
[2013/12/23 02:10:58, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WOLFDENT<20>
[2013/12/23 02:10:59, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WOLFDENT<20>
[2013/12/23 02:11:00, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WOLFDENT<20>
[2013/12/23 02:11:00, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WOLFDENT<20>
[2013/12/23 02:11:01, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WOLFDENT<20>
[2013/12/23 02:11:03, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WPAD<00>
[2013/12/23 02:11:04, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WPAD<00>
[2013/12/23 02:11:05, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WPAD<00>
-
Above is my WINS log.
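A way to read an nmbd log like the one above, as an added example (my own script, not from this thread and not part of Samba): it pairs each "unicast name registration request" with the "Error - should be sent to WINS server" line nmbd prints right after it, and counts the name queries per source and subnet, so the VPN client's (192.168.10.55) refused registrations stand out from the LAN clients' queries. The sample input is an abridged copy of the posted log; the WPAD flag is my addition, since WPAD looked up over NetBIOS is the name that NetBIOS-spoofing tools answer for, and that is worth noticing in any WINS log.

```python
# Added example, not from the thread or from Samba: triage of an nmbd (Samba
# NetBIOS name daemon) log at log level 3, grouping name queries per source and
# flagging unicast registrations that nmbd refused.
import re
from collections import Counter, defaultdict

# nmbd writes "[date time, level] file:line(function)" and the message on the next line.
HEADER_RE = re.compile(r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}), (\d+)\] \S+$")
QUERY_RE = re.compile(r"Name query from (?P<ip>[\d.]+) on subnet (?P<subnet>\S+) "
                      r"for name (?P<name>[^<]+)<(?P<suffix>[0-9a-fA-F]{2})>")
REG_RE = re.compile(r"unicast name registration request received for name "
                    r"(?P<name>[^<]+)<(?P<suffix>[0-9a-fA-F]{2})> from IP (?P<ip>[\d.]+) "
                    r"on subnet (?P<subnet>\S+?)\.?$")
ERR_RE = re.compile(r"Error - should be sent to WINS server")
# <20> is the File Server service, <00> the Workstation service. WPAD<00> is the proxy
# auto-discovery name that NetBIOS spoofing tools answer for; queries for it are worth a look.
WATCH_NAMES = {"WPAD<00>"}

# Abridged copy of the log posted in the thread, used as sample input (constructed here).
SAMPLE_LOG = """\
[2013/12/23 02:08:46, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
  process_name_query_request: Name query from 192.168.10.3 on subnet 192.168.10.1 for name PROSPERIDENT<1c>
[2013/12/23 02:08:53, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
  process_name_query_request: Name query from 192.168.10.22 on subnet UNICAST_SUBNET for name WOLFDENT<20>
[2013/12/23 02:08:57, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
  process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WOLFDENT<20>
[2013/12/23 02:10:21, 0] ../source3/nmbd/nmbd_incomingrequests.c:172(process_name_refresh_request)
  process_name_refresh_request: unicast name registration request received for name JAKETEST-PC<20> from IP 192.168.10.55 on subnet UNICAST_SUBNET.
[2013/12/23 02:10:21, 0] ../source3/nmbd/nmbd_incomingrequests.c:173(process_name_refresh_request)
  Error - should be sent to WINS server
[2013/12/23 02:10:21, 0] ../source3/nmbd/nmbd_incomingrequests.c:172(process_name_refresh_request)
  process_name_refresh_request: unicast name registration request received for name WORKGROUP<00> from IP 192.168.10.55 on subnet UNICAST_SUBNET.
[2013/12/23 02:10:21, 0] ../source3/nmbd/nmbd_incomingrequests.c:173(process_name_refresh_request)
  Error - should be sent to WINS server
[2013/12/23 02:11:03, 3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
  process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WPAD<00>
"""


def parse_nmbd_log(lines):
    """Turn raw log lines into a list of query/register events with timestamps."""
    events, ts, pending = [], None, None
    for raw in lines:
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            ts = m.group(1)            # message text follows on the next line
            continue
        m = QUERY_RE.search(line)
        if m:
            events.append({"kind": "query", "ts": ts, **m.groupdict()})
            pending = None
            continue
        m = REG_RE.search(line)
        if m:
            pending = {"kind": "register", "ts": ts, "rejected": False, **m.groupdict()}
            events.append(pending)
            continue
        if ERR_RE.search(line) and pending is not None:
            pending["rejected"] = True  # the error line belongs to the registration just logged
            pending = None
    return events


def summarize(events):
    """Return (query counts per (ip, name, subnet), refused registrations per ip, ips asking for watched names)."""
    queries, rejected, watched = Counter(), defaultdict(list), set()
    for ev in events:
        label = "%s<%s>" % (ev["name"], ev["suffix"])
        if ev["kind"] == "query":
            queries[(ev["ip"], label, ev["subnet"])] += 1
            if label in WATCH_NAMES:
                watched.add(ev["ip"])
        elif ev["rejected"]:
            rejected[ev["ip"]].append(label)
    return queries, dict(rejected), watched


if __name__ == "__main__":
    q, r, w = summarize(parse_nmbd_log(SAMPLE_LOG.splitlines()))
    for (ip, name, subnet), n in sorted(q.items()):
        print("%-14s queried %-18s via %-15s x%d" % (ip, name, subnet, n))
    for ip, names in r.items():
        print("%-14s registration refused by nmbd for %s" % (ip, ", ".join(names)))
    for ip in sorted(w):
        print("%-14s asked for WPAD over NetBIOS (spoofable name)" % ip)
```

Run it against a real file with `parse_nmbd_log(open("/var/log/samba/log.nmbd"))`; the same pairing logic works at log level 3 or higher, since the error line is always emitted immediately after the registration line it refers to.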
-
Let's assume that your WINS server is running correctly. Have you checked PfSense firewall logs? If you don't see anything there, have you tried using a Windows based WINS server to rule out a problem with your Linux setup? If you were using Windows Server I would tell you to check to see if any host had registered themselves on the server. I guess the same concept applies here, I'm assuming that you checked the server to see if any host had registered and they are not.
disable my firewall on the Windows machines or disable my physical firewall?
I meant just disable the personal firewall (temporarily) on your PC to see if that was causing the issue. I would never recommend disabling your PfSense Firewall unless it was behind another PfSense Firewall and you just wanted to use it as a router.
I believe NetBIOS uses ports 137-139, if you just want to allow these ports.
-
I have copies of Windows Server 2003, 2008 and 2012. I have tried all of them and they work the same way as my Samba server.
I have disabled the firewall on the Windows machines but I don't see anything changing. I have run Wireshark and I see the Windows machine on the remote (public) side is broadcasting on a /32 netmask and the WINS server is not replying to its requests.
-
Why would it be broadcasting anything? The query should be unicast. And is the query getting to your server? You do understand it would be UDP; maybe you only have TCP open on your firewall?
Here is the query and the answer. You should be able to sniff at your pfSense LAN interface and see this for a remote query.
edit: You know, this would explain issues with DNS as well, if you're only allowing TCP traffic. Most DNS is UDP; sure, it can use TCP sometimes, but it's mostly all UDP. If you're not allowing UDP traffic, this explains issues with WINS and DNS.
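The unicast WINS query and answer described above, as an added example (my own code, not from this thread and not the nblookup tool): it builds an RFC 1002 NetBIOS name query with the recursion-desired bit set and the broadcast bit clear, which is exactly the packet a P- or H-node client sends to its WINS server on UDP 137, and it parses the positive response into name, suffix, record type and addresses, the same fields nblookup prints. The constructed reply for ZENTYAL<20> reuses two of the addresses from the nblookup output posted earlier in the thread; the WINS server address on the command line is an assumption, and names with a NetBIOS scope ID are not handled.

```python
# Added example, not from the thread: a minimal unicast WINS / NetBIOS Name Service
# (RFC 1002) query and response parser. Assumes the WINS server answers on UDP 137
# and that names carry no scope ID.
import os
import socket
import struct
from dataclasses import dataclass, field

NBNS_PORT = 137
QTYPE_NB, QCLASS_IN = 0x0020, 0x0001          # NetBIOS general name service RR, class IN
FLAG_RESPONSE, FLAG_RD, FLAG_BROADCAST = 0x8000, 0x0100, 0x0010
NODE_TYPES = {0: "B", 1: "P", 2: "M", 3: "H"}   # owner node type from NB_FLAGS bits 14-13


def encode_netbios_name(name: str, suffix: int) -> bytes:
    """First-level encoding: 15 space-padded chars + suffix byte, each nibble + 'A'."""
    raw = name.upper().encode("ascii")[:15].ljust(15, b" ") + bytes([suffix])
    enc = bytearray()
    for b in raw:
        enc += bytes([0x41 + (b >> 4), 0x41 + (b & 0x0F)])
    return bytes([32]) + bytes(enc) + b"\x00"   # one 32-byte label, empty scope


def decode_netbios_name(buf: bytes, off: int):
    """Reverse of encode_netbios_name; returns (name, suffix, offset after the label)."""
    if buf[off] != 32 or buf[off + 33] != 0:
        raise ValueError("unsupported NetBIOS label (scope IDs not handled)")
    enc = buf[off + 1:off + 33]
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41) for i in range(0, 32, 2))
    return raw[:15].rstrip(b" ").decode("ascii"), raw[15], off + 34


def build_query(name: str, suffix: int = 0x20, txid: int = 0x1234, broadcast: bool = False) -> bytes:
    """NAME QUERY REQUEST. A query to WINS is unicast with RD set and the B bit clear."""
    flags = FLAG_RD | (FLAG_BROADCAST if broadcast else 0)
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_netbios_name(name, suffix) + struct.pack("!HH", QTYPE_NB, QCLASS_IN)


def build_response(txid, name, suffix, addresses, node_type="P", group=False, ttl=300) -> bytes:
    """POSITIVE NAME QUERY RESPONSE as a WINS server sends it (used here to construct test data)."""
    ont = {v: k for k, v in NODE_TYPES.items()}[node_type]
    nb_flags = (0x8000 if group else 0) | (ont << 13)
    rdata = b"".join(struct.pack("!H4s", nb_flags, socket.inet_aton(ip)) for ip in addresses)
    header = struct.pack("!HHHHHH", txid, 0x8580, 0, 1, 0, 0)   # response, AA, RD, RA, rcode 0
    rr = encode_netbios_name(name, suffix) + struct.pack("!HHIH", QTYPE_NB, QCLASS_IN, ttl, len(rdata))
    return header + rr + rdata


@dataclass
class NbRecord:
    name: str
    suffix: int
    group: bool            # False = Unique record, True = Group record
    node_type: str
    addresses: list = field(default_factory=list)


def parse_response(buf: bytes, expected_txid=None):
    """Parse a name query response into NbRecord entries; raises on error rcodes."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", buf[:12])
    if expected_txid is not None and txid != expected_txid:
        raise ValueError("transaction ID mismatch (stale or spoofed reply)")
    if not flags & FLAG_RESPONSE:
        raise ValueError("packet is not a response")
    if flags & 0x000F:
        raise LookupError("NBNS rcode %d (3 = name not found)" % (flags & 0x000F))
    off = 12
    for _ in range(qd):                      # skip any echoed question section
        _, _, off = decode_netbios_name(buf, off)
        off += 4
    records = []
    for _ in range(an):
        name, suffix, off = decode_netbios_name(buf, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", buf[off:off + 10])
        off += 10
        rdata, off = buf[off:off + rdlen], off + rdlen
        if rtype != QTYPE_NB:
            continue
        rec = None
        for i in range(0, rdlen, 6):         # one (NB_FLAGS, IPv4) pair per address
            nb_flags = struct.unpack("!H", rdata[i:i + 2])[0]
            if rec is None:
                rec = NbRecord(name, suffix, bool(nb_flags & 0x8000), NODE_TYPES[(nb_flags >> 13) & 3])
            rec.addresses.append(socket.inet_ntoa(rdata[i + 2:i + 6]))
        if rec is not None:
            records.append(rec)
    return records


def query_wins(server: str, name: str, suffix: int = 0x20, timeout: float = 2.0):
    """Send one unicast query to a WINS server over UDP 137 and parse the reply."""
    txid = int.from_bytes(os.urandom(2), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, suffix, txid), (server, NBNS_PORT))
        data, _peer = sock.recvfrom(576)
    return parse_response(data, txid)


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:                   # e.g. python nbquery.py 192.168.10.1 WOLFDENT
        for rec in query_wins(sys.argv[1], sys.argv[2]):
            print(rec)
    else:                                    # offline round trip with a constructed reply
        reply = build_response(0x1234, "ZENTYAL", 0x20, ["192.168.10.1", "10.0.5.1"])
        print(parse_response(reply, 0x1234))
```

If the script times out from a VPN client but works from the LAN, the query is not reaching the server or the reply is not coming back; that is the point at which a sniff on the pfSense LAN and VPN interfaces for UDP port 137 tells you which leg is dropping it. The transaction-ID check matters for the same reason DNS checks it: anything on the path can otherwise inject a reply.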
-
Ah, you're right about TCP/UDP. I will check that now and see what happens. Thanks again.
-
I was able to resolve one name one time. It was random and I did not change any settings during this. I got rid of my Ubuntu WINS and have Server 2003 R2 as WINS now.
I simply tried to map one of the servers and it worked. I tried again and it failed.
I have posted my firewall settings, PPTP settings, client-side settings and Wireshark settings. I hope someone can help me solve this.
Thanks again for all the help you've already provided.
I am able to do nblookup and ping but get no nslookup.
-
Ok, thanks, but none of that is of any use, to be honest.
Your firewall, for example: that 3rd rule is gibberish on that tab. How is LAN net a source and PPTP clients a dest on the PPTP tab? Firewall interfaces are inbound, so how is LAN net going to be a source of inbound traffic to your PPTP interface? Your rules above that are wide open any/any, so even if that rule was correct it would never be needed or used.
What are your LAN rules? You can ping, we see. So what is the point of a Wireshark? Where did you take that Wireshark? How about a Wireshark on your LAN interface: do you see your nblookup or DNS going towards your WINS or DNS when created on a PPTP client? If you don't see it there, sniff on the PPTP interface; do you see it there, etc.
What are those IP settings that are blank supposed to tell us? Is this not your PPTP connection on the remote client? So show us what it gets after you connect, since I have to assume you're set for DHCP, but you failed to show us that.
ALSO, the one thing you did show that is again wrong is handing out 8.8.8.8 to your PPTP clients for DNS. How in the hell do you think Google DNS is going to resolve your local clients' names? So why would you tell your PPTP clients, hey, it's OK to use Google DNS?
The sniff showing 51 sending SMB stuff to .2: where was that sniffed at, at the client? Or somewhere actually useful, like interfaces on pfSense, so we can track where the packets get to or don't get to.