This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C1A988.6FF2CA4A Content-Type: text/plain; charset="iso-8859-1" It depends on what is on each end of the tunnel. If you only have Win9x desktops on one end, then you should not need WINS servers there. In this case, have the WINS server on the end with a server and point the outlying systems to use this WINS server. WINS only runs on Windows NT or 2000 server. I do not know of any WINS server software that runs on Win9x. If only Win9x systems on both ends, then you could use some kind of lmhosts file and keep the up to date copy on each system. In a completely non routed LAN, you would not need a WINS server because everyone could resolve NetBIOS names by broadcasts. But broadcasts won't carry across your VPN because your VPN systems are also routers. DNS won't completely do the job with Win9x clients because the clients need to know who is offering the NetBIOS services they need. That's why you see so many WINS entries for every resolution - it does more than resolve host names, it also resolves who is providing what NetBIOS services. So the total answer depends on what kind of servers and clients you have and where they are. - Greg -----Original Message----- From: glynn [mailto:glynn@itextron.com] Sent: Wednesday, January 30, 2002 2:43 AM To: Greg Scott Cc: tunneling Subject: Re: [LARTC] Help with gre tunneling Do i really need to setup wins server in both sides? and if i configure one of my windows 98 pc how do make it as a push and pull replication? and how about nbt node type 8? do you think if i set up dns server it will work? what should be the best and easy way to have a name resolution on both ends of the tunnel? Best Regards, Glynn ----- Original Message ----- From: Greg Scott <mailto:GregScott@InfraSupportEtc.com> To: 'glynn' <mailto:glynn@itextron.com> ; lartc@mailman.ds9a.nl <mailto:lartc@mailman.ds9a.nl> Sent: Friday, January 25, 2002 8:10 PM Subject: RE: [LARTC] Help with gre tunneling The short answer would be yes, but there are lots and lots of details. Now that your GRE tunnel is up and running, switch your thinking to look at it from Windows' point of view. From Windows' point of view, the GRE tunnel is really a router. So you have LAN A connected to a router, across a WAN, to LAN B. Your Windows PCs have no clue that there is a GRE tunnel in-between. All they know is, their default gateway is the internal IP address of the firewall/router you set up. Well, maybe not their default gateway, but at least they have a route to the LAN on the other side of the tunnel. So what do we need with Windows so that PCs in LAN A can browse (Network Neighborhood) shares offered by computers in LAN B? Assuming Windows 9x, we need a way for NetBIOS name resolution that doesn't depend on broadcasts, so that means you'll need a WINS server in both LAN A and LAN B. You'll want to set up the WINS servers as push/pull replication partners so they both have up to date copies of which systems are where. And you'll need to set up your PCs as NBT node type 8 (I think). This is the hybrid, where PCs first try to resolve names by asking a WINs server and then try a broadcast if that doesn't work. You could also use local lmhosts files for NetBIOS name resolution, but let's not even go there. If you have a Win2000 domain and all Win2000 clients, then the rules are different. In this case, you'll need DNS servers instead of WINS servers. Conceptually, the point is, you need some way to do name resolution on both ends of your tunnel to make this work. You will want to set up some kind of Win NT or Win 2000 domain structure that makes sense, or you will want some kind of workgroup structure that makes sense. So let's say the PCs in LAN A are all members of a workgroup named LANAWG. If you make a PC in LAN B a member of the LANAWG workgroup, and you have name resolution that works, then that LAN B PC should be able to browse its Network Neighborhood and see the shares offered by PCs in the LANAWG workgroup, no matter which side of the tunnel they are on. This all assumes that the Windows PCs do their jobs properly. - Greg Scott -----Original Message----- From: glynn [mailto:glynn@itextron.com] Sent: Friday, January 25, 2002 4:07 AM To: lartc@mailman.ds9a.nl Subject: [LARTC] Help with gre tunneling Hello everyone. is it possible to browse the network neigborhood if i tunnel to a remote site ? if its possible how? Best regards, Glynn ------_=_NextPart_001_01C1A988.6FF2CA4A Content-Type: text/html; charset="iso-8859-1" <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"> <META content="MSHTML 5.50.4611.1300" name=GENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=#ffffff> <DIV><FONT face=Arial color=#0000ff size=2> <DIV><SPAN class=300171012-30012002><FONT face=Arial color=#0000ff size=2>It depends on what is on each end of the tunnel. If you only have Win9x desktops on one end, then you should not need WINS servers there. In this case, have the WINS server on the end with a server and point the outlying systems to use this WINS server. WINS only runs on Windows NT or 2000 server. I do not know of any WINS server software that runs on Win9x. </FONT></SPAN></DIV> <DIV><SPAN class=300171012-30012002><FONT face=Arial color=#0000ff size=2></FONT></SPAN> </DIV> <DIV><SPAN class=300171012-30012002><FONT face=Arial color=#0000ff size=2>If only Win9x systems on both ends, then you could use some kind of lmhosts file and keep the up to date copy on each system.</FONT></SPAN></DIV> <DIV><SPAN class=300171012-30012002><FONT face=Arial color=#0000ff size=2></FONT></SPAN> </DIV> <DIV><SPAN class=300171012-30012002><FONT face=Arial color=#0000ff size=2>In a completely non routed LAN, you would not need a WINS server because everyone could resolve NetBIOS names by broadcasts. But broadcasts won't carry across your VPN because your VPN systems are also routers. </FONT></SPAN></DIV> <DIV><SPAN class=300171012-30012002><FONT face=Arial color=#0000ff size=2></FONT></SPAN> </DIV> <DIV><SPAN class=300171012-30012002><FONT face=Arial color=#0000ff size=2>DNS won't completely do the job with Win9x clients because the clients need to know who is offering the NetBIOS services they need. That's why you see so many WINS entries for every resolution - it does more than resolve host names, it also resolves who is providing what NetBIOS services. </FONT></SPAN></DIV> <DIV><SPAN class=300171012-30012002><FONT face=Arial color=#0000ff size=2></FONT></SPAN> </DIV> <DIV><SPAN class=300171012-30012002><FONT face=Arial color=#0000ff size=2>So the total answer depends on what kind of servers and clients you have and where they are.</FONT></SPAN></DIV> <DIV><SPAN class=300171012-30012002><FONT face=Arial color=#0000ff size=2></FONT></SPAN> </DIV> <DIV><SPAN class=300171012-30012002><FONT face=Arial color=#0000ff size=2>- Greg</FONT></SPAN></DIV> <DIV><SPAN class=300171012-30012002><FONT face=Arial color=#0000ff size=2></FONT></SPAN> </DIV></FONT></DIV> <BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px"> <DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma size=2>-----Original Message-----<BR><B>From:</B> glynn [mailto:glynn@itextron.com]<BR><B>Sent:</B> Wednesday, January 30, 2002 2:43 AM<BR><B>To:</B> Greg Scott<BR><B>Cc:</B> tunneling<BR><B>Subject:</B> Re: [LARTC] Help with gre tunneling<BR><BR></FONT></DIV> <DIV> <DIV><FONT face=Arial size=2>Do i really need to setup wins server in both sides? and if i configure one of my windows 98 pc how do make it as a push and pull replication? and how about nbt node type 8? do you think if i set up dns server it will work? what should be the best and easy way to have a name resolution on both ends of the tunnel?</FONT></DIV> <DIV><FONT face=Arial size=2></FONT> </DIV> <DIV><FONT face=Arial size=2></FONT> </DIV> <DIV><FONT face=Arial size=2>Best Regards,</FONT></DIV> <DIV><FONT face=Arial size=2>Glynn</FONT></DIV> <DIV><FONT face=Arial size=2></FONT> </DIV> <DIV>----- Original Message ----- </DIV> <BLOCKQUOTE dir=ltr style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px"> <DIV style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B> <A title=GregScott@InfraSupportEtc.com href="mailto:GregScott@InfraSupportEtc.com";>Greg Scott</A> </DIV> <DIV style="FONT: 10pt arial"><B>To:</B> <A title=glynn@itextron.com href="mailto:glynn@itextron.com";>'glynn'</A> ; <A title=lartc@mailman.ds9a.nl href="mailto:lartc@mailman.ds9a.nl";>lartc@mailman.ds9a.nl</A> </DIV> <DIV style="FONT: 10pt arial"><B>Sent:</B> Friday, January 25, 2002 8:10 PM</DIV> <DIV style="FONT: 10pt arial"><B>Subject:</B> RE: [LARTC] Help with gre tunneling</DIV> <DIV><BR></DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2>The short answer would be yes, but there are lots and lots of details. </FONT></SPAN></DIV> <DIV><SPAN class=140165011-25012002></SPAN> </DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2>Now that your GRE tunnel is up and running, switch your thinking to</FONT></SPAN></DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2>look at it from Windows' point of view. From Windows' point of view,</FONT></SPAN></DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2>the GRE tunnel is really a router. So you have LAN A connected to</FONT></SPAN></DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2>a router, across a WAN, to LAN B. Your Windows PCs have no</FONT></SPAN></DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2>clue that there is a GRE tunnel in-between. All they know is, their</FONT></SPAN></DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2>default gateway is the internal IP address of the firewall/router you</FONT></SPAN></DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2>set up. Well, maybe not their default gateway, but at least they </FONT></SPAN></DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2>have a route to the LAN on the other side of the tunnel.</FONT></SPAN></DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2></FONT></SPAN> </DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2>So what do we need with Windows so that PCs in LAN A can</FONT></SPAN></DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2>browse (Network Neighborhood) shares offered by computers in</FONT></SPAN></DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2>LAN B? Assuming Windows 9x, </FONT></SPAN><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2>we need a way for NetBIOS name </FONT></SPAN></DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2>resolution that </FONT></SPAN><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2>doesn't depend on broadcasts, so that means you'll </FONT></SPAN></DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2>need a WINS </FONT></SPAN><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2>server in both LAN A and LAN B. You'll want to set </FONT></SPAN></DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2>up the WINS </FONT></SPAN><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2>servers as push/pull replication partners so they both </FONT></SPAN></DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2>have up </FONT></SPAN><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2>to date copies of which systems are where. And you'll need</FONT></SPAN></DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2>to set up your PCs as NBT node type 8 (I think). This is the hybrid,</FONT></SPAN></DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2>where PCs first try to resolve names by asking a WINs server and then</FONT></SPAN></DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2>try a broadcast if that doesn't work. </FONT></SPAN></DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2></FONT></SPAN> </DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2>You could also use local lmhosts files for NetBIOS name resolution,</FONT></SPAN></DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2>but let's not even go there.</FONT></SPAN></DIV> <DIV><SPAN class=140165011-25012002></SPAN> </DIV></FONT></SPAN></DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2>If you have a Win2000 domain and all Win2000 clients, then the rules</FONT></SPAN></DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2>are different. In this case, you'll need DNS servers instead of WINS</FONT></SPAN></DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2>servers. </FONT></SPAN></DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2></FONT></SPAN> </DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2>Conceptually, the point is, you need some way to do name resolution</FONT></SPAN></DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2>on both ends of your tunnel to make this work. </FONT></SPAN></DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2></FONT></SPAN> </DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2>You will want to set up some kind of Win NT or Win 2000 domain </FONT></SPAN></DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2>structure that makes sense, or you will want some kind of </FONT></SPAN></DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2>workgroup structure that makes sense. So let's say the PCs in</FONT></SPAN></DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2>LAN A are all members of a workgroup named LANAWG. If you</FONT></SPAN></DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2>make a PC in LAN B a member of the LANAWG workgroup, and</FONT></SPAN></DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2>you have name resolution that works, then that LAN B PC should</FONT></SPAN></DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2>be able to browse its Network Neighborhood and see the shares</FONT></SPAN></DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2>offered by PCs in the LANAWG workgroup, no matter which side</FONT></SPAN></DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2>of the tunnel they are on.</FONT></SPAN></DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2></FONT></SPAN> </DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2>This all assumes that the Windows PCs do their jobs properly.</FONT></SPAN></DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2></FONT></SPAN> </DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2>- Greg Scott</FONT></SPAN></DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2></FONT></SPAN> </DIV> <DIV><SPAN class=140165011-25012002><FONT face=Arial color=#0000ff size=2></FONT></SPAN> </DIV> <BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px"> <DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma size=2>-----Original Message-----<BR><B>From:</B> glynn [mailto:glynn@itextron.com]<BR><B>Sent:</B> Friday, January 25, 2002 4:07 AM<BR><B>To:</B> lartc@mailman.ds9a.nl<BR><B>Subject:</B> [LARTC] Help with gre tunneling<BR><BR></FONT></DIV> <DIV><FONT face=Arial size=2>Hello everyone. is it possible to browse the network neigborhood if i tunnel to a remote site ? if its possible how? </FONT></DIV> <DIV><FONT face=Arial size=2></FONT> </DIV> <DIV><FONT face=Arial size=2></FONT> </DIV> <DIV><FONT face=Arial size=2></FONT> </DIV> <DIV><FONT face=Arial size=2>Best regards,</FONT></DIV> <DIV><FONT face=Arial size=2>Glynn</FONT></DIV></BLOCKQUOTE></BLOCKQUOTE></DIV></BLOCKQUOTE></BODY></HTML> ------_=_NextPart_001_01C1A988.6FF2CA4A--
