On Thu, Jun 12, 2008 at 3:58 PM, Roger Searle <[EMAIL PROTECTED]> wrote: > Thanks Chris, turns out I don't need to open anything but your suggestion of > 137-139. nmap shows: > > [EMAIL PROTECTED]:~$ nmap 10.2.1.250 > Starting Nmap 4.53 ( http://insecure.org ) at 2008-06-12 1 > 4:41 NZST > Interesting ports on 10.2.1.250: > Not shown: 1706 closed ports > PORT STATE SERVICE > 21/tcp open ftp > 23/tcp open telnet > 80/tcp open http > 139/tcp open netbios-ssn > 514/tcp open shell > 515/tcp open printer > 631/tcp open ipp > 9100/tcp open jetdirect > > though none of 515, 631 or 9100 are needed. I'm successful in so far as I > can browse to 10.2.1.250 and see the printer named there, install drivers > and have a printer to which I can print. ie I have a > \\10.2.1.250\aficio3025 print device via the blue network, unable to > resolve the IP address to name and have \\ricoh\aficio3025 as is the case on > green. While it's perhaps only marginally a linux question, could I do > something with the IPCop box to allow name resolution to take place between > these subnets? > > Thanks to everyone for getting me this far. If it goes no further, I'd > consider this solved enough.
yes you can have the DHCP server hand out the details of the netbios name server to the clients on the wireless subnet. Sorry I am a bit vague on details, but I can tell you this: smb/nmb name resolution doesn't work properly across subnet boundaries and you need to tell the clients on the wireless subnet where to look for name resolution. Something like a line in your ipcop's DHCP config like: option netbios-name-servers 10.1.x.x where 10.1.x.x is on the green network and is probably your domain server, or main windows server, or maybe a samba box fulfilling those duties. IPCOP's dhcp service config page has scope for setting up extra dhcp parameters. Sorry to be vague. There used to be a good site in Belgium that explained windows networking and the hows and whys of samba very simply and very well, but it disappeared years ago. I miss it! Nick. > > Cheers, > Roger > > > Christopher Sawtell wrote: >> >> You need these open. >> >> netbios-ns 137/tcp # NETBIOS Name Service >> netbios-ns 137/udp >> netbios-dgm 138/tcp # NETBIOS Datagram Service >> netbios-dgm 138/udp >> netbios-ssn 139/tcp # NETBIOS session service >> netbios-ssn 139/udp >> >> >> On 6/12/08, Roger Searle <[EMAIL PROTECTED]> wrote: >> >>> >>> Nick Rout wrote: >>> >>>> >>>> On Thu, Jun 12, 2008 at 9:42 AM, Roger Searle <[EMAIL PROTECTED]> >>>> wrote: >>>> >>>> >>>>> >>>>> Steve Holdoway wrote: >>>>> >>>>> >>>>>> >>>>>> On Wed, 11 Jun 2008 16:25:25 +1200 >>>>>> Roger Searle <[EMAIL PROTECTED]> wrote: >>>>>> >>>>>> >>>>>> I want the wireless clients to be able to access the file share on the >>>>>> green network and believe I need to set up a DMZ pinhole - is that >>>>>> correct? >>>>>> If so, what port(s) (or range) should I open? >>>>>> >>>>>> Yes, you are correct. You need to open 2 udp ports - 137 and 138 for >>>>>> NetBIOS Name and Datagram services, and tcp ports 139 and 445 for >>>>>> NetBIOS >>>>>> session and M$ Directory services. Jut open it for the IP address of >>>>>> the >>>>>> XP >>>>>> client and all should be sweet. >>>>>> hth, >>>>>> >>>>>> Steve >>>>>> >>>>>> >>>>>> >>>>> >>>>> Thanks, very helpful - it "just works", nice! Now I'd like to be able >>>>> to >>>>> print as well, more holes needed since none of the printers are >>>>> available. >>>>> Simplest case is the office printer/copier with it's own IP address >>>>> directly on the green network. What ports/protocols do I need open for >>>>> that? >>>>> And then for a printer attached to a PC, presumably this requires >>>>> opening >>>>> ports to the PC's address, but is the process essentially the same and >>>>> the >>>>> ports the same? >>>>> >>>>> Cheers, >>>>> Roger >>>>> >>>>> >>>> >>>> What protocol are you using for the printer? >>>> >>>> >>>> >>> >>> The port configuration taken from a windows machine that connects to >>> this printer says "raw" protocol on port 9100. Having earlier guessed >>> that it might be IPP, I currently have pinholes for the following: both >>> TCP and UDP, for each of the ports 9100, 631 and 80, each from blue >>> network to green network. I still get "printer not found on server, >>> unable to connect" from the XP client. So my guesses aren't quite right >>> - I'm not sure what to look for or at from this point? >>> >>> >> >> >> >
