Browsing problems in IP masqueraded subnet

Stephen L Arnold arnold.steve at ensco.com
Mon Mar 29 20:59:02 GMT 1999 

When the world was young, Jeney Gabor <dejou at sch.bme.hu> carved 
some runes like this:  

>     I have a subnet in a dormitory using IP masquerading, and it is
> working fine. My only problem is that I can't browse the outer network in
> a Microsoft machine inside. Here is the physical topology:
> 
>     O    WINS server of dormitory (152.66.148.10)
>     |    It is also the Primary Domain Controller (Win NT 4.0 Server) |
>     ----------------------------    Network of the dormitory |    IP:
>     152.66.151.216 (eth0) O    Linux box (kernel 2.0.34, smbd version
>     2.0.2-19990209) |    IP: 192.168.1.1 (eth1)
>     ----------------------------    Local network |    |    | O    O    O 
>       Microsoft Windows machines
> 
>     The Linux box acts as an IP Firewall, and IP masquerades the inner
> network. There is IPX/SPX bridging as well, so the outer Novel servers are
> also accessibles. In the linux box runs the SMB server with WINS support.
> The WINS works great. The Samba file server works great. If I search
> inside for an outer computer, it appears in less than a second. But when I
> browse the network I can see only the workgroups, and nothing more. Indeed
> when I double click on one workgroup I have to wait about one minute (!)
> to get the windows explorer resume working (and nothing appears in the
> window of course).
[snip]

I'm no samba expert (and NT is largely an unknown to me) but I 
think you would need to either add an external WINS server (ie, one 
outside your firewall) or have another samba box to collect browse 
list data on the other side of the firewall.  Assuming your ip-masq 
box is passing the UDP stuff appropriately (ports 138 & 139 ?).  As 
far as browsing across subnets (with a firewall in between yet), 
you might need to sync your samba server with another one on the 
other side.  Even NT can't do some of the stuff samba can...

Try it and see...

Steve


******************************************************************
Stephen L Arnold                      http://www.rain.org/~sarnold
#include <std_disclaimer.h>
******************************************************************

More information about the samba mailing list