Hello John,
Here is my opinion. Temporarily, take the software or the workstation to the
same subnet of the Server and see if it runs OK. While it is there, you can
capture a few packets to see the conversations and the ports that are being
utilized. This gives you a pretty good idea of the goal. If that is
inconvenient, then do an ip forward-protocol any-local-broadcast very
temporarily. Contrary to popular belief, it should not kill your router
unless it is already on the brink.
Assuming that it is the NetBIOS ports (137, 138, 139), you might be better off
using the ip helper-address command and the no ip helper-address command for
the ports you do not want to be sent across the router. I think that there
is a default of 7 UDP protocols which are automatically forwarded with this
command.

In your config below, I think it might work, but only 1 access-list would do
the trick because the server should not do any broadcasting once it is
contacted by the client. Of course, that depends on the application
software. What is it called anyway?

Access-Lists are a necessary evil which should be avoided whenever possible.
Personally, I think that fewer resources would be used to decide whether to
drop or forward a broadcast than to compare it to an access list.

Winston.

-----Original Message-----
From: John Neiberger [mailto:[EMAIL PROTECTED]]
Sent: Sunday, December 31, 2000 2:01 AM
To: [EMAIL PROTECTED]
Subject: Re: NetBios forwarding (Addendum)


Okay, after a tad more research, I've come up with the following config,
which corrects some mistakes and misunderstandings in my previous config.  

interface Serial0
 ip address 10.1.1.254 255.255.255.0
 ip directed-broadcast 101
!
interface Serial1
 ip address 10.2.2.254 255.255.255.0
 ip directed-broadcast 102
!
access-list 101 permit udp host 10.1.1.1 any eq netbios-ns
access-list 101 permit udp host 10.1.1.1 any eq netbios-dgm
access-list 102 permit udp host 10.2.2.2 any eq netbios-ns
access-list 102 permit udp host 10.2.2.2 any eq netbios-dgm

Now, from what I can tell, this will do what I'm attempting, but I'd still
love to have your opinions because I have *zero* experience with netbios or
broadcast forwarding.  I'd hate to break one thing while trying to fix
another.  (gee, I've never done that before!)

Thanks again,
John

>  We have some new software running on a single workstation that is trying to
>  use netbios to communicate with a server on a different subnet.  We do not
>  currently allow this type of forwarding, and I've never configured it
>  before.  We'd like to limit netbios forwarding to just these two machines.
>  Here is my idea, let me know if this would be the way to do it.
>  
>  access-list 1 permit 10.1.1.1  (workstation)
>  access-list 2 permit 10.2.2.2  (server)
>  
>  ip forward-protocol udp 137
>  ip forward-protocol udp 138
>  ip forward-protocol udp 139
>  
>  int fastethernet1/0
>  ip add 10.1.1.254 255.255.255.0
>  ip directed-broadcast 1
>  ip helper-address 10.2.2.2
>  
>  int fastethernet2/0
>  ip add 10.2.2.254 255.255.255.0
>  ip directed-broadcast 2
>  ip helper-address 10.1.1.1
>  
>  Would this do what I'm trying to accomplish?  If not, please let me know, or
>  if anyone has any tips for this sort of thing, I'd love to hear them.
>  
>  Thanks a million, as usual!
>  
>  John
>  _________________________________
>  FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
>  Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
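
The helper-address approach raised in the reply above, written out as an added example that is not from either poster. It reuses the addresses and interface names from the quoted configs; access-list number 110 is an assumption, and the `no ip forward-protocol udp` lines switch off the other UDP ports that IOS relays by default once a helper address is configured.

```cisco
! Added example, not part of the original thread.
! Addresses and interfaces are taken from the quoted configs;
! ACL number 110 is an assumption.
!
! With a helper address set, IOS relays UDP broadcasts for these ports
! by default: time (37), tacacs (49), domain (53), bootps (67),
! bootpc (68), tftp (69), netbios-ns (137), netbios-dgm (138).
! Turn off everything except the two NetBIOS ports.
no ip forward-protocol udp time
no ip forward-protocol udp tacacs
no ip forward-protocol udp domain
no ip forward-protocol udp bootps
no ip forward-protocol udp bootpc
no ip forward-protocol udp tftp
!
! UDP 139 needs no forwarding entry: the NetBIOS session service runs
! over TCP 139 as ordinary unicast and is routed normally.
!
! Inbound ACL on the workstation side: only 10.1.1.1 may have its
! NetBIOS broadcasts relayed. Broadcasts from other hosts are dropped
! at the router and still reach their own subnet unchanged.
access-list 110 permit udp host 10.1.1.1 any range 137 138
access-list 110 deny   udp any host 255.255.255.255 range 137 138
access-list 110 deny   udp any host 10.1.1.255 range 137 138
access-list 110 permit ip any any
!
interface FastEthernet1/0
 ip address 10.1.1.254 255.255.255.0
 ip access-group 110 in
 ! Relay the permitted broadcasts as unicast to the server only.
 ip helper-address 10.2.2.2
!
interface FastEthernet2/0
 ip address 10.2.2.254 255.255.255.0
 ! No helper here: once contacted, the server replies by unicast.
!
! Verify after applying:
!   show ip interface FastEthernet1/0   (lists the helper address)
!   show access-lists 110               (per-entry match counters)
```

Because the relayed traffic leaves as unicast to 10.2.2.2, `ip directed-broadcast` stays disabled on both interfaces in this variant.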




