Hi, I have setup a Linux + FreeS/WAN VPN firewall/gateway to provide Out-of-Office access. I have used DHCP to provide a small subnet block of Internal IPs for use by the external VPN Road Warriors, (All running XP with SSH Sentinel), on their Virtual network interfaces, and the VPN gateway performs ARP proxy on the internal interface so packets go to the right place. No NAT is performed on this traffic. Perhaps some ASCII art also helps, (any excuse): +--------+ | | 192.168.0.192 (Virtual) | VPN #1 | | client |===+ | | | +--------+ - +--------+ ARP Proxy | | .... Internet |===| VPN GW |---| Office network 192.168.0.0/24 | | +--------+ - +--------+ | | | | VPN #n |===+ | client | | | 192.168.0.223 (Virtual) +--------+ This works great so far in that most network traffic, (access to intranet web servers, etc.), functions correctly, but one of the main uses of this VPN is to provide access to the various Samba servers on the network. Currently however, the WINS/Master browser component on the network is provided by an NT box, and has it's IP passed by the DHCP server. Currently, I cannot get the remote clients to successfully browse the workgroup, but direct connections to the shares on the Samba servers can be established and work with no discernable problems, I just cannot navigate to them. I have checked the iptables firewall rules, and I'm letting all 137/138/139 traffic through. I don't have the inclination or desire to debug the NT box, but prior to this problem, I was thinking about retiring the NT box anyway in preference of using one of the Samba servers, (I can't think why the NT box is used solely for this purpose anyway, Samba can easily handle this role). I'm thinking regardless of software, that part of the problem is that UDP broadcast traffic cannot reach the Office network from the VPN clients, and vice versa, by virtue of the topology, so browse lists can't be propagated correctly. Would putting something along the lines of: remote announce = 192.168.0.192 192.168.0.193 ... 192.168.0.223 into the WINS/Browse Master Samba machines smb.conf solve this problem? Or if anyone has any useful advice for getting Samba working over this kind of network topology, I would be very grateful. TIA Matt -- "Doctor Fact is knocking at the door. Someone -- please -- let the man in!" -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : lists.samba.org/archive/samba/attachments/20030114/a6ddd70c/attachment.bin