Re: Questions on Firewall-1 and Neighborhood Browser

From: roger nebel (rogerat_private)
Date: Thu May 28 1998 - 17:17:05 PDT

  • Next message: Adam Shostack: "Re: Identifying End of Tx in FTP"

    You can't browse the network neighborhood (from inside or outside!)
    because you are using address translation and NetBT (Netbios in
    TCP/IP).  F/W-1's NAT only translates the TCP/IP addresses, not the
    NetBT addresses (it doesn't even know they are there).  One way around
    this is to distribute a windows shortcut file which you create by doing
    a Find Computer (while dialed in with securemote, not locally) and using
    the IP address (which you say you can do), then right mouse click to
    create the shortcut.  Look at the shortcut Properties, Target, it should
    look something like \\\shares\shared.  Make sure the target
    path is at the highest level of shares.  Change the name of the shortcut
    file to something meaningful like "Remote Network Neighborhood" and an
    appropriate icon.  The remote user also needs to be able to communicate
    with a WINS server in your network (which I believe you say works based
    on your log entries).  Kludgy, but it works.
    A better way would be to write the inspect script to look into the NetBT
    header and do translation on the fly.  One day someone will want this
    bad enough to pay to develop the inspect script.  Check Point does not
    indicate if version 4 will support this natively.  Raptor claims their
    next remote client will.  I don't know about others.  
    good luck, roger

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:00:06 PDT