browsing across subnets

Andy Worthington andy at
Mon Oct 30 16:33:48 GMT 2000

I finally got it all working fine.  To get the hosts visible, I checked to
make sure each samba was primary,local and domain master and restarted them.
I then restarted all clients and they started showing up.  Once they all
started showing up I kept trying to access them from the other subnet to no
avail.  I checked ipchains and there were some weird forwarding rules in
there from when I first setup ipsec tunnels so I deleted all ipchains rules
and added back the few I used and presto the machines were accessible.

Thanks for the help

Andy Worthington
----- Original Message -----
From: "Avantel Systems" <alex at>
To: "Robert Dahlem" <Robert.Dahlem at>; "Andy Worthington"
<andy at>
Cc: <samba at>
Sent: Friday, October 27, 2000 8:46 PM
Subject: Re: browsing across subnets

Well, actually ipsec should be carrying those netbios packets through on
used for the ipsec tunnel so do *not* open your firewall for ports 137-139.
verified that there was access to those ports by the last test I suggested
that test passed.

Since you can see (all?) the hosts in the browse list, that tells me the
samba servers are communicating OK which means those netbios packets are
through that ipsec tunnel.

Have you tried turning domain logons OFF - or are you truly trying to make
samba do domain logons?  I suspect the source of your problem at this point
that you can at least see the machines on the other subnet in your browse
is simply permissions & user/password issues - have you checked that? Are
using share or user level security?  Try creating a share that's open to
everyone and see if you can browse that.  Also try turning on debug and
the log files for possible errors.  (yes, you may have to dig into some of

Also, what -if anything- did you have to chage to get the hosts to be
visible in
your browse list?

Alex @ Avantel Systems

On Fri, 27 Oct 2000, you wrote:
> >
> >By that I am assuming it is either a routing or firewall problem
> >keeping the connection from working.  Pinging the client works fine
> >though.  How can I find where the problem is to solve it?  The
> >connection between and is via a freeswan
> >ipsec tunnel.
> Make sure ports 137, 138, 139, both tcp and udp get through.
> Regards,
>         Robert

More information about the samba mailing list