/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! */
----- Original Message -----
From: Josh Hardison at ADS <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, October 20, 1999 4:02 PM
Subject: [Masq] Printing from behind a masq machine?
> /* HINT: Search archives @ http://www.indyramp.com/masq/ before posting!
*/
>
>
> Has any one ever gotten a windows machine to find a network printer from
> behind a masquerading linux box? That is : the windows machine is being
> masq-ed, not the printer. Windows can ping the printer, and I know the
> printer works. Linux prints to it just fine (which should surprise no
> one..), but windows can't find the printer in it's "network neighborhood",
> even if I explicitly state the printers IP.
>
This is normal.
On local networks a machine is elected to be a "master browser" under
windows. This machine (Microshaft prefers NT boxes, duh) contains a list of
share which are available on you "LOCAL" lan.
When two network "segments" are directly connected, your Winblows machines
on your segment will only see your local computers in network neighborhood.
In order to "see" those on the "other side" a multi-homed machine must be
set up as a WINS server.
This effectively shares the information BETWEEN the connected LANS...
Now if you are attempting to connect accross the internet, all bets are off.
(Imaging seeing every machine on every LAN on you "network neighborhood".)
You will not see the remote machines unless you have a VPN running...
This does not mean you cannot, however, access the remote machines or
printers.
If the remote machine is "on" the internet (I.E. not behind a firewall) you
can merely specify the IP address (of course it must also not be using a
reserved IP) as the name of the machine...
Thus \\10.0.0.20\C might be used to map a drive to a remote computer's hard
drive in Winblows. (Note this IP is reserved so it will NOT work). Likewise
you can connect to a shared printer on the same machine by specifying
\\10.0.0.2\HP1600C or whatever the "published" short name of the "share"
(read shared device) is.
This works just great, and I do it all the time. It surprises the hell out
of people when I browse their shares and print things out on their printers
(normally because the securities are set WAY too low!)
Oh, yes one more thing... Win98, to improve it's loose security, is prone to
"unbind" TCP/IP from MS Windows Networks using PPP... Win95 defaulted to
leaving it bound 98 closed this hole a bit.. (Note if the remote LAN is
connected via an UNFIREWALLED router this hole is wide open). Microshaft did
this to prevent the above.
You must enabled "File and printer sharing for Microsoft Windows" on the
remote machine for TCP/IP and if they are using a dialup, you must also
ENABLE it for PPP.
> The ruleset for the masq box is pretty loose. It'll masq anything going
> out.
>
This is not a masq problem. Masq is able to handle this just fine. Note you
can "see" them, they can't "see" you!
> Masq is working beautifully for everything else. Anyone have any bright
> ideas?
Also make sure you can PING the remote computer.
Hints:
If you can ping but not connect, try making yourself part of the same
"workgroup".
A lot depends upon how their securities are set.
Specify IP's explicidly when you connect.
If they have USER level security turned on, you'll need to not only be "in"
the same workgroup, but you'll also need to use a username and password,
which is valid on THEIR machine when you log into yours...
(Windows exchanges ID/PW info about the current user, when you attempt to
connect.)
If you are still having problems, make sure you enable clear text
passwords... (You'll need the .reg script to enable this... see SAMBA)
"SMBCLIENT" is your friend.
At the least you should be able to go to your Linux box and using SMBCLIENT,
browse the shares on the remote machine... (Note: Specify the remote machine
with -L 10.0.0.2 -U validuser, SMBCLIENT should respond with a Password:
prompt. You'll need to enter "validuser"'s password on the remote
machine...)
If the above does not give you a password prompt, they might not have TCP/IP
set up properly. If you can't log in, it's a security problem.
>
> Josh Hardison
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ -- THIS INCLUDES
UNSUBSCRIBING!
or email to [EMAIL PROTECTED]
PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
