[Samba] Re: Samba over IPX - various sites say it works?

Nigel Gay nigel at roughseas.ca
Wed Aug 30 17:18:39 GMT 2006 

Alex,

I'd tried once before modifying the local routes, but your post made me 
give it another shot.  My server is dual boot OpenSuse 10.1/Win2000, so 
I booted it back into Win2000 and uninstalled IPX, to ensure I was 
accessing file shares over TCP/IP.

I couldn't access the file shares then - turns out the firewall was 
blocking it.  So I opened up port 445, now I can see from the firewall 
logs that although its blocking all the netbios ports, I can access the 
file shares from another Windows PC no problem using port 445.

Apologies for this getting a bit off topic, but really hoping someone 
can help me out :)

My routing table looks like this, pretty standard:

========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  
          0.0.0.0          0.0.0.0      192.168.2.1    192.168.2.11
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1
      192.168.2.0    255.255.255.0     192.168.2.11    192.168.2.11
     192.168.2.11  255.255.255.255        127.0.0.1       127.0.0.1
    192.168.2.255  255.255.255.255     192.168.2.11    192.168.2.11
        224.0.0.0        240.0.0.0     192.168.2.11    192.168.2.11
  255.255.255.255  255.255.255.255     192.168.2.11    192.168.2.11
Default Gateway:       192.168.2.1
========================================================================

where 192.168.2.1 is the internal address of my router, and 192.168.2.11 
is the address of my client on the LAN.

I then connect to the VPN, and my routing table changes to:

========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  
          0.0.0.0          0.0.0.0   10.250.100.106  10.250.100.106
          0.0.0.0          0.0.0.0      192.168.2.1    192.168.2.11
         10.0.0.0        255.0.0.0   10.250.100.106  10.250.100.106
   10.250.100.106  255.255.255.255        127.0.0.1       127.0.0.1
   10.255.255.255  255.255.255.255   10.250.100.106  10.250.100.106
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1
    VPN Server IP  255.255.255.255      192.168.2.1    192.168.2.11
      192.168.2.0    255.255.255.0     192.168.2.11    192.168.2.11
      192.168.2.0    255.255.255.0   10.250.100.106  10.250.100.106
     192.168.2.11  255.255.255.255        127.0.0.1       127.0.0.1
    192.168.2.255  255.255.255.255     192.168.2.11    192.168.2.11
        224.0.0.0        240.0.0.0   10.250.100.106  10.250.100.106
        224.0.0.0        240.0.0.0     192.168.2.11    192.168.2.11
  255.255.255.255  255.255.255.255   10.250.100.106  10.250.100.106
  255.255.255.255  255.255.255.255     192.168.2.11    192.168.2.11
Default Gateway:    10.250.100.106
========================================================================

where 10.250.100.106 is my IP that the VPN allocates to me within the 
company LAN.  The first entry you'd think is directing all traffic down 
the VPN, so I change it to:

========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  
          0.0.0.0          0.0.0.0      192.168.2.1    192.168.2.11
         10.0.0.0        255.0.0.0   10.250.100.106  10.250.100.106
       10.250.0.0      255.255.0.0   10.250.100.106  10.250.100.106
   10.250.100.106  255.255.255.255        127.0.0.1       127.0.0.1
   10.255.255.255  255.255.255.255   10.250.100.106  10.250.100.106
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1
    VPN Server IP  255.255.255.255      192.168.2.1    192.168.2.11
      192.168.2.0    255.255.255.0     192.168.2.11    192.168.2.11
      192.168.2.0    255.255.255.0   10.250.100.106  10.250.100.106
     192.168.2.11  255.255.255.255        127.0.0.1       127.0.0.1
    192.168.2.255  255.255.255.255     192.168.2.11    192.168.2.11
        224.0.0.0        240.0.0.0   10.250.100.106  10.250.100.106
        224.0.0.0        240.0.0.0     192.168.2.11    192.168.2.11
  255.255.255.255  255.255.255.255   10.250.100.106  10.250.100.106
  255.255.255.255  255.255.255.255     192.168.2.11    192.168.2.11
Default Gateway:       192.168.2.1
========================================================================

so you'd think it would now only direct 10.x.x.x traffic down the VPN, 
and everything else as normal.  In fact, the company switched VPNs a few 
years back, and with their old VPN this is precisely what I used to do 
and it worked perfectly.  But on the new VPN, I modify the routing table 
liks so and it makes no difference, I still can't access any other PCs 
on my LAN (or the rest of the internet for that matter, but I don't care 
about that).

I assume the VPN software is capturing the traffic BEFORE TCP/IP 
processes the routing table, so the routing table is ignored?  Do you 
have any suggestions?  Its the Cisco VPN client, if you have any inside 
info ;-)

Many thanks,

Nigel.


> Nigel Gay wrote:
>> FYI, the reason I can't use TCP/IP is I connect from my PC into my 
>> company's LAN via a VPN.  When connected to the VPN, *all* TCP/IP 
>> traffic goes to the VPN, effectively cutting me off from the rest of
>> my own LAN.  Yes, I know that's really an issue with how their VPN is
>> set up, but they won't change it.  Accessing shares on Windows
>> servers works fine, because once it realises it can't connect over
>> TCP/IP, it switches to IPX and works fine.
>>   

"alex at kuklin.ru" <alex at kuklin.ru> wrote:
> Nigel, just set up your local routes. It's quite easy :)

More information about the samba mailing list