Are you sure the FW is really bridging and not routing? Sounds like the
name service broadcasts are not passing the firewall, making it a router and
not a bridge.
jason
> -----Original Message-----
> From: Oommen Thomas [SMTP:[EMAIL PROTECTED]]
> Sent: Friday, March 31, 2000 12:24 PM
> To: LENGARD Pascal OCISI
> Cc: 'Linux Admin List'; 'Linux Net List'
> Subject: RE: SAMBA & Cross-subnet browsing
>
>
> Tried that too.
> Doest work even after allowing all tcp/udp ports between DMZ and LAN.
> I can access everything from inside.
> But from from DMZ, the browse list shows up but LAN machines not
> accessible (all in Win).
>
> Thanks
> Oommen
>
> On Fri, 31 Mar 2000, LENGARD Pascal OCISI wrote:
>
> <pascal.lengard>open wide your firewall and test again. if it still does
> not work then you
> <pascal.lengard>have a SAMBA problem, else you have a firewall-rule
> problem.
> <pascal.lengard>
> <pascal.lengard>pascal
> <pascal.lengard>
> <pascal.lengard>> -----Original Message-----
> <pascal.lengard>> From: [EMAIL PROTECTED]
> <pascal.lengard>> [mailto:[EMAIL PROTECTED]]On Behalf Of
> Oommen Thomas
> <pascal.lengard>> Sent: Friday, March 31, 2000 5:44 PM
> <pascal.lengard>> To: Linux Admin List; Linux Net List
> <pascal.lengard>> Subject: SAMBA & Cross-subnet browsing
> <pascal.lengard>>
> <pascal.lengard>>
> <pascal.lengard>>
> <pascal.lengard>> Hi all,
> <pascal.lengard>>
> <pascal.lengard>> We have a Linux firewall bridging a LAN and the Internet
> (most clients
> <pascal.lengard>> being win9x and NT).
> <pascal.lengard>> There are some machines in the DMZ too.
> <pascal.lengard>> A Linux/SAMBA server is used as the WINS server for both
> subnets.
> <pascal.lengard>>
> <pascal.lengard>> Each machine within the LAN can see/browse all other
> machines.
> <pascal.lengard>> But not the other way round.
> <pascal.lengard>> ie the machines in the DMZ can see but not browse the
> LAN machines.
> <pascal.lengard>>
> <pascal.lengard>> I have allowed traffic of udp/tcp ports 137-139 between
> DMZ
> <pascal.lengard>> and LAN, with
> <pascal.lengard>> masquearding. Isn't that enough, or do I have to do
> anything
> <pascal.lengard>> more on the
> <pascal.lengard>> firewall?
> <pascal.lengard>>
> <pascal.lengard>> TIA
> <pascal.lengard>> -
> <pascal.lengard>> Oommen
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-net" in
> the body of a message to [EMAIL PROTECTED]
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
