|
To: |
Naoki <i_naoki,AT,mbf,DOT,nifty,DOT,com> |
|
Subject: |
Re: Redhat9 CIPE |
|
From: |
Les Mikesell <les,AT,futuresource,DOT,com> |
|
Date: |
24 Jul 2003 11:35:03 -0500 |
|
Cc: |
cipe-l,AT,inka,DOT,de |
|
In-reply-to: |
<000c01c351f9$9217b680$c801a8c0@naoki3> |
|
Organization: |
|
|
References: |
<000c01c351f9$9217b680$c801a8c0@naoki3> |
On Thu, 2003-07-24 at 10:38, Naoki wrote:
> Are there any ways to see NetBIOS name without wins server ?
>
You need it if you want to be able to browse the network neighborhood
across any kind of router. This isn't related to cipe at all.
> I guess, if iptables accepts port 137:139 for CIPE, I can see it.
>
> How is my guess ?
>
If you know the IP numbers or the netbios names are the same
as DNS names you can connect to the shared resources without
WINS involvement.
> In this situation, I must build a Firewall system with VPN for business.
> If I build Samba into this system, security will not be good.
Why do you say that? Compared to Windows, Samba security is excellent.
> (And, if ClientPC is not on LAN(Ex.dial-up), there is not wins server.)
Look at the client IP number. I think you'll see that it is on
the LAN and the server is forwarding broadcasts instead of
routing.
> Though I tryed to use lmhosts in WindowsPC on LAN2, I could not
> see the another side NetBIOS name on LAN1 directly.
> After search this NetBIOS name, I could find it.
It won't show up in the browse list, but like using the IP number
or DNS name, it lets you connect if you know the resource name.
> Anyway, I really worry now. Since CIPE is faster than IPsec and is
> useful for NAT, I'd like to use CIPE very much.
You are going to have exactly the same issue with any solution
that works like a router and does not forward broadcasts.
---
Les Mikesell
les,AT,futuresource,DOT,com