Re: Redhat9 CIPE
Les Mikesell <les,AT,futuresource,DOT,com>
27 Jul 2003 11:59:11 -0500
cipe-l,AT,inka,DOT,de, Renato Salles <rsalles,AT,rsnetservices,DOT,com,DOT,br>, DavidB,AT,mail,DOT,interclean,DOT,com, russ,AT,berrex,DOT,com
On Sun, 2003-07-27 at 09:44, Naoki wrote:
> 2) It is necessary to add a WINS server (PDC).
> (To share NetBIOS names between the local subnet and the remote subnet)

A WINS server does not need to be a PDC.

> Frankly, I don't want to add Samba to the firewall if possible.
> And I cannot make my customers add any WINS servers on
> another of their PCs on their LAN.
> I would like to solve it step by step. If you have more advice,
> please let me know.

I think you should reconsider what you are trying to do. First, it is
really a bad idea to give full access to a NETBIOS LAN to machines
where you don't have administrative control. You will expose all
of your machines (and theirs) to the many viruses that spread through
file shares and you won't be able to enforce a policy of installing
anti-virus products. Second, the only thing you get from WINS is the
ability to locate shares you don't already know about. If you want to
share a few well-known resources with outsiders you can just give them
the names along with a username and password that they need to connect
(to keep the viruses out) and they can map drives without browsing for
the names. If the names are in DNS this will work without WINS.

However, I'd really recommend that you come up with a way to
share whatever it is that you need to share over protocols that
are easier to control than NETBIOS. If you just need to exchange
some files, try to use ftp and http, or if you want to really
go for security, use something that runs over ssh like winscp
(http://winscp.sourceforge.net/eng/). If you can host the ssh
server and the shared files on the firewall you might not even
need to use cipe or deal with routing issues at all. If you need
interactive access to programs, try to find something that works
over https for the same effect. Even if you do use cipe to route
these internet protocols to otherwise firewalled internal machines
it is much easier to control the remote access.