[Samba] Blocking workgroup discovery

[Tjerk Jan Vonk]

Hi all,

At my work I`ve set up a VPN. When I connect to it, my colleagues see 
all the workgroups from my side of the VPN (I live on a campus with ~50 
workgroups). Do you know how I block the workgroup discovery on through 
the VPN gateway? Is the broadcast done on a specific port? Is samba 
actively repeating the broadcast and their replies?


Greetings

Tjerk Jan
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Blocking workgroup discovery

[Gaiseric Vandal]

I think, by the fundamental nature of how networking protocols work, that
broadcasts do not pass through routers -  although with a VPN it may be a
little different.


However, I have the same situation.  A Windows server on the host network
shows my home workgroup in the network neighborhood.  However I can't see
my home computer listed in it.  If I know the ip of my home computer I can
use net use \\x.x.x.x to get to shares on it.  


My VPN client (sonicwall) has a virtual network interface that gets an IP
from the same class C range as the host network.  From the perspective of
the samba server, my home PC is on the local work network.  The VPN
configuration on the server includes an option Enable Windows Networking
(NetBIOS) Broadcast - disabled -  I am not sure if that means NBT (NetBios
over TCP/IP) or the really old NetBEUI (remember Windows for Workgroups?)
VPN Clients are not using WINS -  I thought this would fix the issues but it
didn't.  The Samba server is not the WINS server but it is (or should be)
the master browser.

I don't know if this means that my host PC has registered with the browser
on the samba server OR if broadcasts initiated by my host PC on the VPN
virtual network interface are passing through the VPN.My local PC's
Network Neighborhood only shows its own workgroup, not the corporate one or
other VPN users.   Maybe I can adjust my Windows firewall setting to block
outgoing netbios.

  






-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
On Behalf Of Tjerk Jan Vonk
Sent: Thursday, June 24, 2010 5:24 AM
To: samba@lists.samba.org
Subject: [Samba] Blocking workgroup discovery

Hi all,

At my work I`ve set up a VPN. When I connect to it, my colleagues see 
all the workgroups from my side of the VPN (I live on a campus with ~50 
workgroups). Do you know how I block the workgroup discovery on through 
the VPN gateway? Is the broadcast done on a specific port? Is samba 
actively repeating the broadcast and their replies?

Greetings

Tjerk Jan
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Blocking workgroup discovery

[tms3]

SNIP


I don't know if this means that my host PC has registered with the 
browser
on the samba server OR if broadcasts initiated by my host PC on the 
VPN
virtual network interface are passing through the VPN.My local 
PC's
Network Neighborhood only shows its own workgroup, not the corporate 
one or
other VPN users.   Maybe I can adjust my Windows firewall setting to 
block

outgoing netbios.


Block port 137 to VPN clients.











-Original Message-
From: samba-boun...@lists.samba.org 
[mailto:samba-boun...@lists.samba.org]

On Behalf Of Tjerk Jan Vonk
Sent: Thursday, June 24, 2010 5:24 AM
To: samba@lists.samba.org
Subject: [Samba] Blocking workgroup discovery

Hi all,

At my work I`ve set up a VPN. When I connect to it, my colleagues see
all the workgroups from my side of the VPN (I live on a campus with 
~50
workgroups). Do you know how I block the workgroup discovery on 
through

the VPN gateway? Is the broadcast done on a specific port? Is samba
actively repeating the broadcast and their replies?

Greetings

Tjerk Jan
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba