It was not MS Proxy I was concerned with; it is Check Point's Firewall-1 on
NT. Firewall-1 logs all NetBIOS broadcasts it sees unless I intentionally
tell it to ignore them.

Why do any of the Windows machines need to broadcast at all? It seems like
a waste of bandwidth to me. Why not require DHCP on all clients and dish
out p-node only configurations through DHCP on the internal network? Can NT
servers be configured as p-nodes and if so, what name resolution method
would you recommend for the small number of servers in a resource NT domain
in a DMZ?

Is there any way to unbind the WINS client from all three interfaces of an
NT-based Firewall-1? I have tried but get errors because the server and
workstation services cannot start. Firewall-1 is just a ported-over
Unix app that does not need NetBIOS. The only thing it can (and does) get
used for is scheduling drive mappings and firewall configuration backups to
a DMZ box.

> -----Original Message-----
> From: Carl Calvello [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, January 05, 1999 8:30 AM
> To: 'Joe Ippolito'
> Cc: [EMAIL PROTECTED]
> Subject: RE: Microsoft Proxy Server Questions
>
>
> I was assuming that netbios was not on external nic, as long as you unbind
> wins client, you should not see netbios broadcasts. However, I have seen DNS
> node status requests sent out of the external nic in some cases.
>
> Here are some articles that may help - KB Q166159 NetBIOS Connections from a
> Multihomed Computer. This one describes the node status requests and what to
> look for in a trace: Q161431 Connecting to NetBIOS Resources Using DNS Names
> or IP Addresses. Hope that helps..
>
>
> Thanks,
>
> Carl Calvello
> Microsoft
> [EMAIL PROTECTED]
>
>
> -----Original Message-----
> From: Joe Ippolito [mailto:[EMAIL PROTECTED]]
> Sent: Monday, January 04, 1999 9:23 PM
> To: Carl Calvello
> Cc: [EMAIL PROTECTED]
> Subject: RE: Microsoft Proxy Server Questions
>
>
> Yes, but if it resorts to a broadcast it may do it on any one of the
> interfaces, not necessarily the correct one. It is much cleaner to me to
> only leave NetBIOS to a single interface unless you want to make very sure
> that your machines never resort to broadcasts. It would be nice to see a
> clear explanation of how to prevent MS machines from ever doing broadcasts
> without setting up a WINS server on every segment of a network. How about
> it? Why do I always have to put a drop all NetBIOS broadcasts and don't log
> rule at the top of my firewall policies?
>
> > -----Original Message-----
> > From: Carl Calvello [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, January 04, 1999 12:54 PM
> > To: '[EMAIL PROTECTED]'; Joe Ippolito
> > Cc: [EMAIL PROTECTED]
> > Subject: RE: Microsoft Proxy Server Questions
> >
> >
> >
> >
> > Joe Ippolito wrote:
> > >
> > > >1) I have heard it can only support at most 2 network interfaces, one in
> > > >and one out, is that true?
> > >
> >
> > You can have up to 3 external NICs and if you have the proxy rollup fixes
> > from Q190997 you can have multiple IPs on the external nics. The LAT table
> > tells proxy which nics on the machine are inside/outside. I'm not sure if
> > there is a limit on the total number of nics in the machine but usually
> > people don't use more than 3 from what I have seen.
> >
> >
> > > If MS Proxy is a member of an NT
> > > Domain, it will get confused though since it won't know which network to
> > > look for DCs on.
> >
> > No problems here as long as the proxy can resolve the DC name and if it has
> > a route to the DC through one of the nics on the machine.
> >
> > Thanks,
> >
> > Carl Calvello
> > Microsoft
> > [EMAIL PROTECTED]
> >
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>