browsing subnets over vpnd
Matt Comer
matt at mattcomer.com
Thu Feb 1 21:29:56 GMT 2001
Hey :) I have recently set up VPN links between 3 subnets. I can ping back
and forth between all of the computers just fine, and samba works on all but
one subnet. The problem is that I am unable to use the VPN to browse
computers on the office network. I can browse them locally from the office,
and I can browse other subnets from them (i.e. at home, etc.), but when I get
on another subnet and try to browse Windows 98 machines at the office
(behind a SuSE 6.4 box) it just doesn't work. I can browse the shares on the
SuSE 6.4 box however.

The other subnets are run by SuSE 7.0. I'm not sure if that is the reason
they work and the 6.4 subnet doesn't, but I figured I would mention it. I
know the problem is just that the server on that subnet won't route packets
to the machines on port 139. For instance, when I try to telnet to port 139 on
192.168.1.2 (office workstation) from 192.168.2.1 (home workstation) it just
times out. Here is a copy of what it says:
gimp:~ # telnet 192.168.1.2 139
Trying 192.168.1.2...
telnet: connect to address 192.168.1.2: Connection timed out
I can telnet 192.168.1.1 on port 139 though.
gimp:/ # telnet 192.168.1.1 139
Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.
Since I can still ping 192.168.1.2, I am assuming it is an error in the
samba configuration file. Here is a copy of that.
[global]
workgroup = workgroup
server string = office server
guest account = nobody
keep alive = 30
os level = 200
kernel oplocks = false
security = user
encrypt passwords = yes
username map = /etc/smbusers
printing = bsd
printcap name = /etc/printcap
load printers = yes
remote announce = 192.168.2.1 192.168.3.1
remote browse sync = 192.168.2.1 192.168.3.1
hosts allow = 192.168. 127.
socket options = TCP_NODELAY
map to guest = Bad User
local master = yes
domain master = no
interfaces = 192.168.0.0/16
wins server = 192.168.2.1
include = /etc/smb.conf.public
include = /etc/smb.conf.%u
include = /etc/smb.conf.%m
I have a WINS server on 192.168.2.1 (home server) and it works fine, because
it shows all the computers in the network, even at the office. I just can't
access the ones at the office, except for the server there. Here is a copy
of pretty much everything I can think of that you guys would need to know to
figure stuff out :P If it's too much info, just scroll down a bit and ignore
it.
stellar:~ # ifconfig
eth0 Link encap:Ethernet HWaddr 00:20:78:15:DB:25
inet addr:cens0red Bcast:64.192.112.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:64864 errors:0 dropped:0 overruns:0 frame:0
TX packets:86136 errors:0 dropped:0 overruns:0 carrier:0
collisions:3 txqueuelen:100
Interrupt:10 Base address:0xf780
eth1 Link encap:Ethernet HWaddr 00:A0:CC:34:67:4F
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:11527 errors:0 dropped:0 overruns:0 frame:0
TX packets:9797 errors:3 dropped:0 overruns:3 carrier:3
collisions:0 txqueuelen:100
Interrupt:11 Base address:0xf000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:3924 Metric:1
RX packets:268 errors:0 dropped:0 overruns:0 frame:0
TX packets:268 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
sl0 Link encap:VJ Serial Line IP
inet addr:192.168.1.1 P-t-P:192.168.2.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:7558 errors:0 dropped:0 overruns:2167 frame:0
compressed:0
TX packets:7305 errors:0 dropped:0 overruns:1671 carrier:0
collisions:331 compressed:0 txqueuelen:10
stellar:~ # ipchains -L
Chain input (policy ACCEPT):
Chain forward (policy ACCEPT):
target prot opt source destination ports
MASQ all ------ 192.168.1.0/24 anywhere n/a
Chain output (policy ACCEPT):
stellar:~ # route -N
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 cens0red 255.255.255.255 UGH 0 0 0 eth0
192.168.2.1 0.0.0.0 255.255.255.255 UH 0 0 0 sl0
192.168.3.0 192.168.2.1 255.255.255.0 UG 0 0 0 sl0
192.168.2.0 192.168.2.1 255.255.255.0 UG 0 0 0 sl0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
64.192.112.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 cens0red 0.0.0.0 UG 0 0 0 eth0
stellar:~ # lsmod
Module Size Used by
slip 8220 2
slhc 4440 1 [slip]
ip_masq_cuseeme 1144 0 (unused)
ip_masq_vdolive 1400 0 (unused)
ip_masq_raudio 3064 0 (unused)
ip_masq_irc 1624 0 (unused)
ip_masq_ftp 2424 0 (unused)
nfsd 146188 4 (autoclean)
tulip 30680 1 (autoclean)
ne2k-pci 4232 1 (autoclean)
8390 6228 0 (autoclean) [ne2k-pci]
serial 42612 0 (autoclean)
memstat 1476 0 (unused)
stellar:~ # uname -a
Linux stellar 2.2.14 #1 Fri May 5 17:43:12 GMT 2000 i586 unknown
Wellllll anyway, I guess that's it. If any of you see some kind of error, or
if you know how I can make subnet browsing work on that server over the VPN,
please let me know. I would really appreciate it!
--Matt
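
Added example (not part of the original post): a small Python check that reads the forward chain exactly as listed in the ipchains output above and reports how the office gateway treats each direction of the two telnet tests. The function names are made up for this illustration, and first-match rule evaluation with fall-through to the chain policy is assumed.

```python
import ipaddress

# Copied from the `ipchains -L` output in the post.
FORWARD_LISTING = """\
Chain forward (policy ACCEPT):
target prot opt source destination ports
MASQ all ------ 192.168.1.0/24 anywhere n/a
"""
# Address of the office gateway itself (eth1 and sl0 in the posted ifconfig).
GATEWAY_ADDRS = {ipaddress.ip_address("192.168.1.1")}


def _net(field):
    """Turn an ipchains address column into an ip_network."""
    if field == "anywhere":
        return ipaddress.ip_network("0.0.0.0/0")
    return ipaddress.ip_network(field, strict=False)


def parse_chain(listing):
    """Return (policy, rules) for one chain of `ipchains -L` output."""
    rows = [line.split() for line in listing.strip().splitlines()]
    policy = rows[0][3].rstrip("):")
    rules = [(r[0], r[1], _net(r[3]), _net(r[4])) for r in rows[2:]]
    return policy, rules


def forward_verdict(policy, rules, src, dst, prot="tcp"):
    """First-match verdict for a packet crossing the gateway."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src in GATEWAY_ADDRS or dst in GATEWAY_ADDRS:
        return "LOCAL"  # not forwarded, so the forward chain is never consulted
    for target, rule_prot, rule_src, rule_dst in rules:
        if rule_prot in ("all", prot) and src in rule_src and dst in rule_dst:
            return target
    return policy


def trace(client, server):
    """Verdicts for the request and reply directions of one connection."""
    policy, rules = parse_chain(FORWARD_LISTING)
    return (forward_verdict(policy, rules, client, server),
            forward_verdict(policy, rules, server, client))


if __name__ == "__main__":
    for server in ("192.168.1.1", "192.168.1.2"):
        print("192.168.2.1 ->", server, trace("192.168.2.1", server))
```

The reply direction from 192.168.1.2 matches the MASQ rule because its destination column is `anywhere`, so the listed rule also covers traffic headed for the VPN subnets; the forward chains on the working SuSE 7.0 gateways are the natural thing to compare against.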