From: David Kelly
Date: Wed, 27 Mar 2002 08:46:11 -0600
To: "Karl M. Joch"
Cc: stable@FreeBSD.ORG
Subject: Re: FreeBSD4.5->IPSEC<-FreeBSD 4.5 Samba 2.2.3a Subnet Browsing.

On Wed, Mar 27, 2002 at 12:24:34PM +0100, Karl M. Joch wrote:
> Hi,
>
> I have a main net with a samba 2.2.3.a server and a subnet which is
> connected via ipsec to the main net.
>
> |FBSD 4.5 Firewall|----------ipsec--------|FBSD.4.5 Firewall|
>          |                                         |
>          |                                         |
>          |                                         |
> ---- main net 192.168.M.x ------      ------ subnet 192.168.S.x---
>          |                                         |
>          |                                         |
>          |                                         |
> |FBSD4.5/Samba2.2.3a/WorkGroup MAIN|    |FBSD4.5/Samba 2.2.3a|
>                                         |WORKGROUP: SUBNET   |
>
>
> Everything works great in the local subnets. Furthermore, access from
> M->S and S->M is working fine. But there is need that the MAIN net sees
> the workstations and the servers in the SUBNET. The SUBNET should not
> see the MAIN PCs in the browsing list.

It's "on my list of things to do" to set up something similar to what you
describe. So I haven't done this yet. But monitoring local network
activity I see Windows systems broadcasting packets to the local net.
Guessing that's how they find each other. If these broadcast packets
don't cross the IPsec link then the two sides can't browse each other.
My best guess.

--
David Kelly N4HHE, dkelly@hiwaay.net
=====================================================================
The human mind ordinarily operates at only ten percent of its capacity
-- the rest is overhead for the operating system.