>Why do any of the Windows machines need to broadcast at all?  It seems like
>a waste of bandwidth to me.  Why not require DHCP on all clients and dish
>out p-node only configurations through DHCP on the internal network?  Can NT
>servers be configured as p-nodes and if so, what name resolution method
>would you recommend for the small number of servers in a resource NT domain
>in a DMZ?


NT Servers can be configured as P-nodes, but if you did this you'd need a
WINS server for them to use. If the WINS server went down, however, name
resolution wouldn't occur. You could consider configuring the servers as
H-nodes, which will poll a WINS server first and, if no response is received,
then fall back on broadcast.

Another possibility is to use the LMHOSTS file found under
c:\winnt\system32\drivers\etc\ assuming that your NT install is in the winnt
directory on the c: drive, for name resolution.

>Is there any way to unbind the WINS client from all three interfaces of an
>NT based Firewall-1?  I have tried but get errors because the server and
>workstation services can not start.

The Server and Workstation services are NetBIOS based and consequently if
WINS is unbound from each interface card you will get these errors. Go into
Services from the Control Panel and disable these services - then you
can unbind WINS from the adapters without these error messages. (I'm away
from my NT box at the moment - so I am not 100% certain if you can disable
these services from here - if not you can manually tweak the Registry.)

David Litchfield


>Firewall-1 is just a ported over
>Unix-app that does not need NetBIOS.  The only thing it can (and does) get
>used for is scheduling drive mappings and firewall configuration backups to
>a DMZ box.
>
>> -----Original Message-----
>> From: Carl Calvello [mailto:[EMAIL PROTECTED]]
>> Sent: Tuesday, January 05, 1999 8:30 AM
>> To: 'Joe Ippolito'
>> Cc: [EMAIL PROTECTED]
>> Subject: RE: Microsoft Proxy Server Questions
>>
>>
>> I was assuming that netbios was not on external nic, as long as you unbind
>> wins client, you should not see netbios broadcasts. However, I have seen DNS
>> node status requests sent out of the external nic in some cases.
>>
>> Here are some articles that may help - KB Q166159 NetBIOS Connections from a
>> Multihomed Computer. This one describes the node status requests and what to
>> look for in a trace: Q161431 Connecting to NetBIOS Resources Using DNS Names
>> or IP Addresses. Hope that helps..
>>
>>
>> Thanks,
>>
>> Carl Calvello
>> Microsoft
>> [EMAIL PROTECTED]
>>
>>
>> -----Original Message-----
>> From: Joe Ippolito [mailto:[EMAIL PROTECTED]]
>> Sent: Monday, January 04, 1999 9:23 PM
>> To: Carl Calvello
>> Cc: [EMAIL PROTECTED]
>> Subject: RE: Microsoft Proxy Server Questions
>>
>>
>> Yes, but if it resorts to a broadcast it may do it on any one of the
>> interfaces not necessarily the correct one.  It is much cleaner to me to
>> only leave NetBIOS to a single interface unless you want to make very sure
>> that your machines never resort to broadcasts.  It would be nice to see a
>> clear explanation of how to prevent MS machines from ever doing broadcasts
>> without setting-up a WINS server on every segment of a network.  How about
>> it?  Why do I always have to put a drop all NetBIOS broadcasts and don't log
>> rule at the top of my firewall policies?
>>
>> > -----Original Message-----
>> > From: Carl Calvello [mailto:[EMAIL PROTECTED]]
>> > Sent: Monday, January 04, 1999 12:54 PM
>> > To: '[EMAIL PROTECTED]'; Joe Ippolito
>> > Cc: [EMAIL PROTECTED]
>> > Subject: RE: Microsoft Proxy Server Questions
>> >
>> >
>> >
>> >
>> > Joe Ippolito wrote:
>> > >
>> > > >1) I have heard it can only support at most 2 network interfaces,
>> > > >one in and one out, is that true?
>> > >
>> >
>> > You can have up to 3 external NIC's and if you have the proxy rollup fixes
>> > from Q190997 you can have multiple IP's on the external nics. The LAT table
>> > tells proxy which nics on the machine are inside/outside. I'm not sure if
>> > there is a limit on the total number of nics in the machine but usually
>> > people don't use more than 3 from what I have seen.
>> >
>> >
>> > > If MS Proxy is a member of an NT
>> > > Domain, it will get confused though since it won't know which network to
>> > > look for DC's on.
>> >
>> > no problems here as long as the proxy can resolve the DC name and if it has
>> > a route to the DC through one of the nics on the machine.
>> >
>> > Thanks,
>> >
>> > Carl Calvello
>> > Microsoft
>> > [EMAIL PROTECTED]
>> >
>>
>> -
>> [To unsubscribe, send mail to [EMAIL PROTECTED] with
>> "unsubscribe firewalls" in the body of the message.]
>>
>
>
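
The thread mentions node status requests seen in a trace and NetBIOS broadcasts leaving the wrong interface. As an added example (not part of the original messages), this Python sketch classifies UDP/137 payloads as broadcast name queries or node status requests per RFC 1001/1002; the function names are hypothetical and the sample packets are constructed inline.

```python
import struct

NB_QUERY, NBSTAT = 0x0020, 0x0021   # RFC 1002 question types (NB, NBSTAT)
B_FLAG = 0x0010                     # broadcast bit of NM_FLAGS in the header flags word

def encode_name(name, suffix=0x20):
    """RFC 1001 first-level encoding: each nibble of the 16-byte name + 'A'."""
    if name == "*":
        raw = b"*" + b"\x00" * 15               # wildcard used by node status requests
    else:
        raw = name.upper().ljust(15).encode("ascii") + bytes([suffix])
    return bytes(0x41 + n for b in raw for n in (b >> 4, b & 0x0F))

def decode_name(enc):
    """Reverse the nibble encoding: 32 bytes -> (name, suffix byte)."""
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41) for i in range(0, 32, 2))
    return raw[:15].rstrip(b" \x00").decode("ascii", "replace"), raw[15]

def build_request(txid, flags, name, qtype, suffix=0x20):
    """Constructed sample packet: 12-byte header plus one question, no scope ID."""
    header = struct.pack(">HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + b"\x20" + encode_name(name, suffix) + b"\x00" + struct.pack(">HH", qtype, 1)

def classify(payload):
    """Return (kind, name, suffix, is_broadcast) for a UDP/137 request, else None."""
    if len(payload) < 50:                        # header + one unscoped question
        return None
    _txid, flags, qdcount = struct.unpack(">HHH", payload[:6])
    if flags & 0x8000 or qdcount != 1 or payload[12] != 0x20:
        return None                              # a response, or not a single plain question
    enc = payload[13:45]
    if any(not 0x41 <= c <= 0x50 for c in enc) or payload[45] != 0:
        return None                              # invalid encoding or scoped name
    qtype, _qclass = struct.unpack(">HH", payload[46:50])
    name, suffix = decode_name(enc)
    kind = {NB_QUERY: "name-query", NBSTAT: "node-status"}.get(qtype, "other")
    return kind, name, suffix, bool(flags & B_FLAG)

if __name__ == "__main__":
    samples = [                                  # constructed, not captured traffic
        build_request(0x1234, 0x0110, "FILESRV1", NB_QUERY),  # b-node style broadcast query
        build_request(0x0001, 0x0000, "*", NBSTAT),           # unicast node status request
    ]
    for pkt in samples:
        print(classify(pkt))
```

Fed the UDP payloads captured on the external interface, any result with is_broadcast set to True means that interface is still falling back to broadcast name resolution.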
