Hello everyone. Is it possible to browse the Network Neighborhood if I tunnel to a remote site? If it's possible, how? Best regards, Glynn
The short answer would be yes, but there are lots and lots of details.

Now that your GRE tunnel is up and running, switch your thinking to look at it from Windows' point of view. From Windows' point of view, the GRE tunnel is really a router. So you have LAN A connected to a router, across a WAN, to LAN B. Your Windows PCs have no clue that there is a GRE tunnel in-between. All they know is, their default gateway is the internal IP address of the firewall/router you set up. Well, maybe not their default gateway, but at least they have a route to the LAN on the other side of the tunnel.

So what do we need with Windows so that PCs in LAN A can browse (Network Neighborhood) shares offered by computers in LAN B?

Assuming Windows 9x, we need a way for NetBIOS name resolution that doesn't depend on broadcasts, so that means you'll need a WINS server in both LAN A and LAN B. You'll want to set up the WINS servers as push/pull replication partners so they both have up to date copies of which systems are where. And you'll need to set up your PCs as NBT node type 8 (I think). This is the hybrid, where PCs first try to resolve names by asking a WINS server and then try a broadcast if that doesn't work. You could also use local lmhosts files for NetBIOS name resolution, but let's not even go there.

If you have a Win2000 domain and all Win2000 clients, then the rules are different. In this case, you'll need DNS servers instead of WINS servers.

Conceptually, the point is, you need some way to do name resolution on both ends of your tunnel to make this work.

You will want to set up some kind of Win NT or Win 2000 domain structure that makes sense, or you will want some kind of workgroup structure that makes sense. So let's say the PCs in LAN A are all members of a workgroup named LANAWG. If you make a PC in LAN B a member of the LANAWG workgroup, and you have name resolution that works, then that LAN B PC should be able to browse its Network Neighborhood and see the shares offered by PCs in the LANAWG workgroup, no matter which side of the tunnel they are on.

This all assumes that the Windows PCs do their jobs properly.

- Greg Scott

-----Original Message-----
From: glynn [mailto:glynn@itextron.com]
Sent: Friday, January 25, 2002 4:07 AM
To: lartc@mailman.ds9a.nl
Subject: [LARTC] Help with gre tunneling
Hi everyone,

Greetings from Poland :)

I want to be able to allocate portions of the internet link bandwidth to several homes in an apartment house. We pay together for internet access and have a Linux router/gateway. Now we want to expand a little, i.e. buy a bit more bandwidth and achieve the following:

- A possibility to assign a public IP address to a household (some people want to have their own servers at home)
- Split the bandwidth to a requested level, so that some people could get more, some less, and pay their appropriate share in the overall link cost.

It looks to me as a small ISP-like problem :) Of course we run this network privately, so we can't afford a professional bandwidth limiting software or hardware solution. To be honest I'm not a Linux guru [yet ;)], so learning about LARTC, experimenting and maintaining it will take some time. In the meantime I was wondering, whether someone has experience with such a setup, with multiple network adapters and hopefully some administration aids (a web-based interface would be a dream).

Anyone can help?...

Best regards
Stan
On Friday 25 January 2002 20:29, Stanisław Winiecki - Admin wrote:
> Hi everyone,
>
> Greetings from Poland :)
> Anyone can help?...

Hi

Greeting from INDONESIA :-)

I think we do the same thing. I also work with very small bandwidth :-)

If you have control of your own IP address, then there is no problem to give public IP addresses to your "customer". But if you don't have access to the main router (like me), then "proxy-arp" could be also a solution.

To manage/limit the bandwidth, the easiest way is to use the cbq.init script. Of course cbq.init is very simplistic. You should write your own commands for better bandwidth management :-P

Regards,
Adi Nugroho
Do I really need to set up a WINS server on both sides? And if I configure one of my Windows 98 PCs, how do I make it do push and pull replication? And how about NBT node type 8? Do you think it will work if I set up a DNS server? What would be the best and easiest way to have name resolution on both ends of the tunnel?

Best Regards,
Glynn

----- Original Message -----
From: Greg Scott
To: 'glynn' ; lartc@mailman.ds9a.nl
Sent: Friday, January 25, 2002 8:10 PM
Subject: RE: [LARTC] Help with gre tunneling
It depends on what is on each end of the tunnel. If you only have Win9x desktops on one end, then you should not need WINS servers there. In this case, have the WINS server on the end with a server and point the outlying systems to use this WINS server.

WINS only runs on Windows NT or 2000 server. I do not know of any WINS server software that runs on Win9x. If only Win9x systems on both ends, then you could use some kind of lmhosts file and keep the up to date copy on each system.

In a completely non routed LAN, you would not need a WINS server because everyone could resolve NetBIOS names by broadcasts. But broadcasts won't carry across your VPN because your VPN systems are also routers.

DNS won't completely do the job with Win9x clients because the clients need to know who is offering the NetBIOS services they need. That's why you see so many WINS entries for every resolution - it does more than resolve host names, it also resolves who is providing what NetBIOS services.

So the total answer depends on what kind of servers and clients you have and where they are.

- Greg

-----Original Message-----
From: glynn [mailto:glynn@itextron.com]
Sent: Wednesday, January 30, 2002 2:43 AM
To: Greg Scott
Cc: tunneling
Subject: Re: [LARTC] Help with gre tunneling
Hello everyone,

I have a working PPTP VPN (GRE tunneling). I set up a Samba server on both Linux servers. In network A, I could see the Network Neighborhood with Samba but I couldn't see the network of the other side, but I could open the Samba server in Network B and also the workstation using \\networkB\share. I'd like to ask if it's possible for me to use the same subnet as Network B, so that both Network A and Network B are in the same subnet. Here is my config for the PPTP VPN on both networks. If it's possible, can anyone correct the config?

#Network A
echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ
/sbin/ipchains -A forward -s 192.168.2.0/24 -j MASQ
/sbin/insmod ip_gre
# the tunnel device created here is the one brought up and addressed below
/sbin/ip tunnel add netb mode gre remote x.x.x.x local y.y.y.y ttl 255
/sbin/ip link set netb up
/sbin/ip addr add 192.168.1.1 dev netb
/sbin/ip route add 192.168.2.0/24 dev netb
------------------------------------------------------------------------------
#Network B
echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/ipchains -A forward -s 192.168.2.0/24 -j MASQ
/sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ
/sbin/insmod ip_gre
# the tunnel device created here is the one brought up and addressed below
/sbin/ip tunnel add neta mode gre remote y.y.y.y local x.x.x.x ttl 255
/sbin/ip link set neta up
/sbin/ip addr add 192.168.2.1 dev neta
/sbin/ip route add 192.168.1.0/24 dev neta
I would like to make both Network A and B have the same subnet. I made changes to my config; please check whether this will work and correct it.

#Network A
echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ
#/sbin/ipchains -A forward -s 192.168.2.0/24 -j MASQ # this will be omitted
/sbin/insmod ip_gre
/sbin/ip tunnel add netb mode gre remote x.x.x.x local y.y.y.y ttl 255
/sbin/ip link set netb up
/sbin/ip addr add 192.168.1.1 dev netb
/sbin/ip route add 192.168.1.0/24 dev netb
# this option doesn't work because there's an existing route in the routing
# table and the routing table is set to the eth1 interface. So if I force
# adding it using "route add -net 192.168.1.0 netmask 255.255.255.0 dev neta"
# it can't ping the internal IPs, only the tunnel is working :(
------------------------------------------------------------------------------
#Network B
echo 1 > /proc/sys/net/ipv4/ip_forward
#/sbin/ipchains -A forward -s 192.168.2.0/24 -j MASQ # this will be omitted
/sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ
/sbin/insmod ip_gre
/sbin/ip tunnel add neta mode gre remote y.y.y.y local x.x.x.x ttl 255
/sbin/ip link set neta up
/sbin/ip addr add 192.168.1.2 dev neta
/sbin/ip route add 192.168.1.0/24 dev neta
# this option doesn't work because there's an existing route in the routing
# table and the routing table is set to the eth1 interface. So if I force
# adding it using "route add -net 192.168.1.0 netmask 255.255.255.0 dev neta"
# it can't ping the internal IPs, only the tunnel is working :(

Please check and correct this config if it's possible to make it work.

Thanks
On Wed, Feb 13, 2002 at 10:25:55AM +0800, Glynn S. Condez wrote:
> hello everyone, I have a working pptp vpn ( gre tunneling ). I setup samba
> server on both linux server, in network A, i could see the network
> neighborhood with samba but i couldnt see the network of the otherside but
> I could open the samba server in Network B and also the workstation using
> \\networkB\share. I'd like to ask if its possible that im going to use the
> same subnet of the network B, so that both Network A and Network B are in
> the same subnet. Here is my config in pptp vpn on both networks. if its
> possible can anyone correct the config?

Could you use a mailer that does not send out thousand character lines? You are supposed to wrap lines after ~75 characters on the internet. But returning to the question, yes, you can perform tricks to create a tunnel within the same subnet.

This is done with proxy arp, which tells the router on Network A about which hosts live on Network B. Network A will then think the router contains Network B - no explicit routes are needed.

I *think* this will do what you want but I'd advise against it. There are SMB proxy servers available which can help you browse over network borders. Those are probably the right solution.

Regards,

bert

--
http://www.PowerDNS.com Versatile DNS Software & Services
http://www.tk the dot in .tk
Netherlabs BV / Rent-a-Nerd.nl - Nerd Available -
Linux Advanced Routing & Traffic Control: http://ds9a.nl/lartc
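The proxy ARP setup described in the reply above, as an added example that is not part of the thread and not bert's own configuration. It prints the commands for one router instead of running them, and uses a /32 route per remote host, which coexists with the connected 192.168.1.0/24 route on eth1 that made the /24 tunnel route fail in the earlier message. eth1 and netb are the names used in the thread; the two remote host addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: plan proxy ARP for one end of a GRE tunnel whose two LANs
# share 192.168.1.0/24. Nothing is applied; the commands are only printed.

LAN_IF=eth1                                 # LAN interface (name from the thread)
TUN_IF=netb                                 # GRE tunnel device (name from the thread)
PREFIX=192.168.1                            # first three octets of the shared /24
REMOTE_HOSTS="192.168.1.129 192.168.1.130"  # constructed: hosts on the far LAN

# Succeeds only for an address inside $PREFIX.0/24 with host part 1..254.
valid_host() {
    case $1 in
        "$PREFIX".*) last=${1#"$PREFIX".} ;;
        *) return 1 ;;
    esac
    case $last in
        ''|*[!0-9]*) return 1 ;;            # empty or not purely digits
    esac
    [ "$last" -ge 1 ] && [ "$last" -le 254 ]
}

# Usage: proxy_arp_plan <lan-if> <tunnel-if> <remote-host>...
proxy_arp_plan() {
    lan_if=$1; tun_if=$2; shift 2
    # Validate everything first so a bad entry yields no partial plan.
    for host in "$@"; do
        valid_host "$host" || { echo "bad host: $host" >&2; return 1; }
    done
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    # Answer ARP on the LAN for addresses that are routed out another interface.
    echo "echo 1 > /proc/sys/net/ipv4/conf/$lan_if/proxy_arp"
    for host in "$@"; do
        # Longest-prefix match: the /32 wins over the connected /24.
        echo "ip route add $host/32 dev $tun_if"
    done
}

# Word splitting of REMOTE_HOSTS is intended here.
proxy_arp_plan "$LAN_IF" "$TUN_IF" $REMOTE_HOSTS
```

The other router needs the mirror-image plan: its own LAN interface, the tunnel device neta, and the hosts that live on this side.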
Hello Bert,

I understand your solution but I don't know how to do it using proxy arp. :( Bert, can you help me with how to do it? I will attach my config file to this email; can you edit it and send it back to me? I really badly need it to work.

Thanks,
glynn

----- Original Message -----
From: "bert hubert" <ahu@ds9a.nl>
To: "Glynn S. Condez" <glynn@itextron.com>
Cc: <lartc@mailman.ds9a.nl>
Sent: Wednesday, February 13, 2002 3:59 PM
Subject: Re: [LARTC] Help with GRE Tunneling