Topic: SME 7.1.3 + Windows Network Neighbourhood

[cubique]

:!:I've search the forum for hours to find a problem/response for an issue like mine, I couldn't find anything related to this so I've posted new topic;
----------------
I have an SME 7.1.3 as dedicated server+gateway installed on my lan, which act as a gateway and also PDC for rest of us; all around we are working with WinXP Pro.

I don't know exactly what is happening, but it seems that in Network Neighbourhood (aka My Network Places) I can see my domain name (inside all workstations authetificated on PDC), but also I can see another 7 domains/workgroups and I don't know nothing about them (for sure are distinct local networks which belongs to the same ISP I using for my net connection).

I believe that this is because NetBios , port 137-139; I've done a Online Security Check (from symantec.com), they are not able to see my 137-139 ports opened but Symantec says that they could find my domain/gateway names as exposed by netbios (the values presented by them are correct)

What is wrong with my SME configuration? (btw: I've done no customization, I've not altered no configuration to iptables or other table)
Any suggestion would be appreciated.

Best rgds,
Eugen

[davidsnot]

I know this is a dumb question, but when I set mine up, I had a heck of a time figuring out which ethernet card was the outside world, and which the inside.

You sure you got the connections right?

david

[cubique]

Maybe not a dumb question,I've ask myself that too then I've done an experiment:
- I've said: if I switched the (net) cords between (lan/wan) cards it means that the card configured as 192.168.2.1 is plugged in the WAN cord and viceversa, the card configured as 82.x.x.x is plugged in the LAN cord
- first of all: does my ISP allow me to coonect his network as 192.168.2.1? I guess not; second: if let's suppose my ISP allows me, how can others see my gw from outside when they access 82.x.x.x ?
- btw: I've switched the cords between cards and then there is no WAN connection

but the question is very legitime, because lot of time I was wondering that too;

Any other ideea/suggestions?
Thx in advance,
Eugen

[idp_qbn]

Hi, I know this is not going to directly solve your problem, but think about NOT having the PDC as server/gateway.

Can you get hold of another less powerful (but not totally decrepit) PC and use it as your firewall/gateway?

I make this suggestion only because I have an aversion to having the core unit of my network double up as the entry point for the Internet. Firewalls can be rebuilt in 1/2 an hour. Servers (especially PDCs) take much longer.

I have been using IPCOP for 3 years, which runs well on a 400MHz PC with 256 Mb RAM.  Actually, yesterday I replaced it with SME Server/Gateway just to compare .... and to simplify administration.

Have you perhaps allowed some mapping of ports on your modem/router to your PDC Server/Gateway?

Cheers

Ian

[cubique]

Interesting, but the behaviour I've described is the result of Samba that in SME 7 enable by default the Wins resolution (maybe to provide names resolution for pre-Windows 2000 clients);

well, just set:
    wins support = no
    bind interfaces only = yes
in /etc/samba/smb.conf and the problem gone!

..more options to setup the samba to be a safe service can find at:

http://www.faqs.org/docs/securing/chap29sec284.html