From: Gaiseric Vandal on
I think, by the fundamental nature of how networking protocols work, that
broadcasts do not pass through routers - although with a VPN it may be a
little different.


However, I have the same situation. A Windows server on the host network
shows my "home" workgroup in the network neighborhood. However I can't see
my home computer listed in it. If I know the ip of my home computer I can
use "net use \\x.x.x.x" to get to shares on it.


My VPN client (sonicwall) has a virtual network interface that gets an IP
from the same class C range as the host network. From the perspective of
the samba server, my home PC is on the local work network. The VPN
configuration on the server includes an option "Enable Windows Networking
(NetBIOS) Broadcast - disabled" - I am not sure if that means NBT (NetBios
over TCP/IP) or the really old NetBEUI (remember Windows for Workgroups?)
VPN Clients are not using WINS - I thought this would fix the issues but it
didn't. The Samba server is not the WINS server but it is (or should be)
the master browser.

I don't know if this means that my host PC has registered with the browser
on the samba server OR if broadcasts initiated by my host PC on the VPN
virtual network interface are passing through the VPN. My local PC's
Network Neighborhood only shows its own workgroup, not the corporate one or
other VPN users. Maybe I can adjust my Windows firewall setting to block
outgoing netbios.








-----Original Message-----
From: samba-bounces(a)lists.samba.org [mailto:samba-bounces(a)lists.samba.org]
On Behalf Of Tjerk Jan Vonk
Sent: Thursday, June 24, 2010 5:24 AM
To: samba(a)lists.samba.org
Subject: [Samba] Blocking workgroup discovery

Hi all,

At my work I`ve set up a VPN. When I connect to it, my colleagues see
all the workgroups from my side of the VPN (I live on a campus with ~50
workgroups). Do you know how I block the workgroup discovery on through
the VPN gateway? Is the broadcast done on a specific port? Is samba
actively repeating the broadcast and their replies?

Greetings

Tjerk Jan
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
From: tms3 on
SNIP
>
> I don't know if this means that my host PC has registered with the
> browser
> on the samba server OR if broadcasts initiated by my host PC on the
> VPN
> virtual network interface are passing through the VPN. My local
> PC's
> Network Neighborhood only shows its own workgroup, not the corporate
> one or
> other VPN users. Maybe I can adjust my Windows firewall setting to
> block
> outgoing netbios.

Block port 137 to VPN clients.
>
>
>
>
>
>
>
>
>
>
> -----Original Message-----
> From: samba-bounces(a)lists.samba.org
> [mailto:samba-bounces(a)lists.samba.org]
> On Behalf Of Tjerk Jan Vonk
> Sent: Thursday, June 24, 2010 5:24 AM
> To: samba(a)lists.samba.org
> Subject: [Samba] Blocking workgroup discovery
>
> Hi all,
>
> At my work I`ve set up a VPN. When I connect to it, my colleagues see
> all the workgroups from my side of the VPN (I live on a campus with
> ~50
> workgroups). Do you know how I block the workgroup discovery on
> through
> the VPN gateway? Is the broadcast done on a specific port? Is samba
> actively repeating the broadcast and their replies?
>
> Greetings
>
> Tjerk Jan
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba