
Browsing Servers from different subnets issue 3


Daveyd123

MIS
Aug 25, 2004
413
US
On my core router I have 2 interfaces setup to use 192.168.0.x and 192.168.1.x subnets.

I have servers on both 0.x and 1.x. If I am on a server with a 0.x IP address, I can go into Network Places/Entire Network and "see" all servers on BOTH the 0.x and 1.x subnets.

If I am on a server on the 1.x subnet, and go into Network Places/Entire Network, I can only see servers on the 1.x subnet and NOT the 0.x. I can ping, map drives and access all resources on the servers on the 0.x subnet...just can't "see" them.

This is having an effect on Backup Exec, which is on the 1.x subnet and cannot "see" the Servers in the 0.x subnet and therefore I cannot choose them to put in the backups.

Any ideas?
 
WKK-

My bad I get confused jumping back and forth from unix/linux to windows sorry.

Davey you stated earlier that you have a wins server on that subnet so thus you could see them without the IP helper.
 
Looks like I have run into an issue with the ip help command

I enabled the ip helper 192.168.1.255 command on the 192.168.0.1 interface. As soon as it was enabled, my Firewall got bombarded with broadcasts from ALL of our subnets..1.x-7.x. The broadcasts would come from various subnets at 15-20/sec. That can't be healthy.
 
Well, if you want you can set up an ACL blocking ports 135 and 138 going to your firewall.
 
You can setup an ACL like w33mhz.
As far as the broadcasts, you want to see the broadcasts. This is how the browse list is created. Yes, it is healthy.
You should see SMB Host Announcements. Something similar to:
SMB Microsoft Windows Browser Protocol
Command: Host Announcement (0x01)
Update count: 0
Update Periodicity: 12 minutes
Host name: ComputerName
OS Major Version: 5
OS Minor Version: 1
Etc...

This is what spurred the question regarding port 445 within the helper IP address.

So the broadcasts are what you want to see...
NetBIOS is chatty, but this is how it was designed.
 
To enable browsing between subnets you don't want to just enable IP Helpers with the default broadcast forwarding, as you have discovered it introduces more problems....
Restrict what broadcasts are forwarded by removing everything except BOOTP/DHCP (unless you don't need to forward DHCP requests over the WAN; if that's the case, then just remove the IP Helpers).

In global config enter the following:
Code:
no ip forward-protocol udp tftp
no ip forward-protocol udp nameserver
no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs

You then need a stable Master Browser per network/subnet (this ideally needs to be a machine that is on constantly), plus WINS must be configured and the clients need to know where the WINS servers are (through DHCP or statically configured). You should really have multiple WINS servers with replication, however with a small setup like this you can probably get away with one if you can live with the potential downtime of this server?

After that it should all be automatic - each network/subnet Master Browser should maintain the browse list of all devices in the domain.

Personally I have disabled NetBIOS completely so we can't even browse the local network...... We rely on shares (and every thing else) being published in AD. Might be worth looking at what can be configured on Backup Exec?

HTH

Andy
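
The restriction described in the post above can be checked against a saved router configuration. The following is an added example, not code from the thread: it lists which of the default UDP services would still be relayed wherever `ip helper-address` is set. The interface name and the sample configuration are constructed; the addresses are the ones mentioned in the thread.

```python
import re

# UDP services IOS forwards by default once "ip helper-address" is configured:
# the keywords from the post above, plus BOOTP/DHCP, which the post keeps.
DEFAULT_FORWARDED = {
    "tftp": 69, "nameserver": 42, "domain": 53, "time": 37,
    "netbios-ns": 137, "netbios-dgm": 138, "tacacs": 49,
    "bootps": 67, "bootpc": 68,
}
KEEP = {"bootps", "bootpc"}  # DHCP relay is the only forwarding the post retains

def audit(config: str) -> dict:
    """Return helper addresses per interface and UDP services still relayed."""
    helpers, disabled, iface = {}, set(), None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():  # top-level line: enter or leave an interface
            m = re.match(r"interface\s+(\S+)", line)
            iface = m.group(1) if m else None
        m = re.match(r"ip helper-address\s+(\S+)", line)
        if m and iface:
            helpers.setdefault(iface, []).append(m.group(1))
        m = re.match(r"no ip forward-protocol udp\s+(\S+)", line)
        if m:
            disabled.add(m.group(1))  # keyword or numeric port
    still = sorted(
        name for name, port in DEFAULT_FORWARDED.items()
        if helpers and name not in KEEP
        and name not in disabled and str(port) not in disabled
    )
    return {"helpers": helpers, "still_forwarded": still}

# Constructed sample: the interface name is an assumption; addresses are the thread's.
BEFORE = """\
interface FastEthernet0/0
 ip address 192.168.0.1 255.255.255.0
 ip helper-address 192.168.1.255
!
"""
AFTER = BEFORE + "".join(
    f"no ip forward-protocol udp {p}\n"
    for p in ("tftp", "nameserver", "domain", "time",
              "netbios-ns", "netbios-dgm", "tacacs")
)

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(cfg))
```

An empty `still_forwarded` list means only BOOTP/DHCP is left for the helper to relay.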
 
Actually, now that I think of it, another thing you should do, besides the ACL, is to configure your router(s) not to allow broadcasts from the router interface that connects to the firewall interface. There is no reason NetBIOS broadcasts should ever hit the firewall interface.
 
I agree with what ADB100 just stated, as well as being able to show it in Cisco Speak...

Just one thing...
You then need a stable Master Browser per network/subnet (this ideally needs to be a machine that is on constantly)
This is handled automatically via an election process. I don't know of a way to hard code a master browser per subnet, not sure you can. Don't really think you need to worry about this...

Nicely put ADB100, join the star club...
 
You can force Master Browser behaviour by changing the registry, however due to the way the election process works if you have a Server at the remote site you probably already have the necessary master browser.

A quick search on google produced this:


HTH

Andy
 