
Thread: Odd cross network problem - lmhosts needed?

  1. #1
    Junior Member
    Join Date
    Mar 2006
    Posts
    4

    Odd cross network problem - lmhosts needed?

    1st post - Hopefully one of you will find this interesting and give this network newbie a helping hand

    Setups -

    Group 1> Standard Linksys router and additional switch all connecting 6 PCs (XP) using DHCP. Address of router is 192.168.1.1 connected to my FIOS broadband connection. Setup as simple p2p workgroup.

    Group 2> MS SB server 2003 connected to my unused Cable modem with one laptop logged on to the server domain. Twin nic setup in server, IP of server Local Area (internal) is 192.168.16.2

    Each group above has a separate connection to the internet. This allows me a good lab set up for SBS 2003 on the cable modem, without affecting my larger group of home machines connected to the Linksys router and the FIOS connection.

    In the situation below I am going out of my cable modem connection and connecting back to the FIOS connection.

    Problem:

    1> If I set up a VPN from the Laptop connected to the Server (G2), let's call that (G2LT1), to one of the machines on the other group (G1), let's call it machine (G1PC1) odd things happen -
    a) G1PC1 loses connection to the workgroup printers as soon as I install the XP VPN (incoming connection-VPN server). If I uninstall/delete the VPN server connection, the workgroup printers will immediately start functioning properly.
    b) When the VPN is connected to G1PC1, G2LT1 (which is connected to the server domain), will not retrieve external web pages, but will retrieve the internal intranet page. If I disconnect the VPN to the G1PC1 machine, then it will.

    When the VPN client is connected on the laptop (G2LT1) to G1PC1, route print shows the gateway replaced by the VPN IP (10.0.0.11). I have used this IP simply to better see it in route print. Once I understand the above problem, I will change it and tackle getting the LT to share files and printers with G1PC1.


    Am I correct in thinking this is where one uses an LMHOSTS file? Or route add? I am really confused at this stage. Pardon the lack of detail. Just point out what more info you need and I will get it quickly.

    This is what Route Print shows for G2LT1 when the VPN is connected. Clearly having the default gateway as 10.0.0.11 is causing problems. This may be proper when the LT is on the road and connected to G1PC1, but is not with G2LT1 connected to SBS 2003. Still it bothers me that I don't understand how to change this. Yet another learning opportunity I guess ...

    Code:
    ===========================================================================
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x2 ...00 b0 d0 a5 85 24 ...... 3Com 3C920 Integrated Fast Ethernet
    Controller (3C905C-TX Compatible) - Packet Scheduler Miniport
    0x140004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0        10.0.0.11       10.0.0.11	  1
              0.0.0.0          0.0.0.0     192.168.16.2   192.168.16.10	  21
            10.0.0.11  255.255.255.255        127.0.0.1       127.0.0.1	  50
       10.255.255.255  255.255.255.255        10.0.0.11       10.0.0.11	  50
       71.xxx.xxxx.xxx  255.255.255.255     192.168.16.2   192.168.16.10	  20
            127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1	  1
         192.168.16.0    255.255.255.0    192.168.16.10   192.168.16.10	  20
        192.168.16.10  255.255.255.255        127.0.0.1       127.0.0.1	  20
       192.168.16.255  255.255.255.255    192.168.16.10   192.168.16.10	  20
            224.0.0.0        240.0.0.0    192.168.16.10   192.168.16.10	  20
            224.0.0.0        240.0.0.0        10.0.0.11       10.0.0.11	  1
      255.255.255.255  255.255.255.255        10.0.0.11       10.0.0.11	  1
      255.255.255.255  255.255.255.255    192.168.16.10   192.168.16.10	  1
    Default Gateway:         10.0.0.11
    ===========================================================================
    Persistent Routes:
      None

    This is the route print from G1PC1, which is set up with a static IP of 192.168.1.100. For the life of me I do not understand why the workgroup printers stop working when the internal XP VPN server connection is created.

    Code:
    ===========================================================================
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x2 ...00 04 4b 80 80 03 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
    0x10003 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.100	  20
            10.0.0.10  255.255.255.255        127.0.0.1       127.0.0.1	  50
            10.0.0.11  255.255.255.255        10.0.0.10       10.0.0.10	  1
        68.xxx.xx.xxx  255.255.255.255      192.168.1.1   192.168.1.100	  20
            127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1	  1
          192.168.1.0    255.255.255.0    192.168.1.100   192.168.1.100	  20
        192.168.1.100  255.255.255.255        127.0.0.1       127.0.0.1	  20
        192.168.1.255  255.255.255.255    192.168.1.100   192.168.1.100	  20
            224.0.0.0        240.0.0.0    192.168.1.100   192.168.1.100	  20
      255.255.255.255  255.255.255.255    192.168.1.100   192.168.1.100	  1
    Default Gateway:       192.168.1.1
    ===========================================================================
    Persistent Routes:
      None
    Last edited by DPDogg; 03-29-06 at 10:02 AM.
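
The route selection behind the G2LT1 table in the post above, as an added example that is not part of the original thread: the most specific matching prefix wins, and the lowest metric breaks ties. The test address 203.0.113.10 is a constructed documentation address; the multicast, limited-broadcast and masked 71.xxx rows are left out of the sample.

```python
import ipaddress
from typing import NamedTuple

class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: str
    interface: str
    metric: int

# Rows copied from the G2LT1 "route print" with the VPN connected
# (destination, netmask, gateway, interface, metric).
G2LT1_ROUTES = """\
0.0.0.0         0.0.0.0          10.0.0.11      10.0.0.11      1
0.0.0.0         0.0.0.0          192.168.16.2   192.168.16.10  21
10.0.0.11       255.255.255.255  127.0.0.1      127.0.0.1      50
10.255.255.255  255.255.255.255  10.0.0.11      10.0.0.11      50
127.0.0.0       255.0.0.0        127.0.0.1      127.0.0.1      1
192.168.16.0    255.255.255.0    192.168.16.10  192.168.16.10  20
192.168.16.10   255.255.255.255  127.0.0.1      127.0.0.1      20
192.168.16.255  255.255.255.255  192.168.16.10  192.168.16.10  20
"""

def parse_routes(text):
    """Turn 'Active Routes' rows into Route tuples."""
    routes = []
    for line in text.splitlines():
        dest, mask, gateway, interface, metric = line.split()
        network = ipaddress.ip_network(f"{dest}/{mask}")
        routes.append(Route(network, gateway, interface, int(metric)))
    return routes

def select_route(routes, destination):
    """Longest matching prefix wins; lowest metric breaks ties."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r.network]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r.network.prefixlen, r.metric))

def without_interface(routes, interface):
    """Routing table as it looks once an interface (the VPN) goes away."""
    return [r for r in routes if r.interface != interface]

if __name__ == "__main__":
    table = parse_routes(G2LT1_ROUTES)
    for label, rts in (("VPN up", table),
                       ("VPN down", without_interface(table, "10.0.0.11"))):
        for dst in ("203.0.113.10", "192.168.16.2"):
            r = select_route(rts, dst)
            print(f"{label:8} {dst:13} via {r.gateway} on {r.interface}")
```

With the VPN up, the external address leaves through 10.0.0.11 (metric 1 beats metric 21), while 192.168.16.2 still matches the more specific 192.168.16.0/24 route on the LAN interface.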

  2. #2
    Junior Member
    Join Date
    Mar 2006
    Posts
    4
    OK, I think I made the above post too complicated. Let me try again with one simple problem.

    When I install the XP VPN server on a machine connected to a workgroup, actions like "View Workgroup computers" become painfully slow - something like 2 to 4 minutes to show the WG computers, and another 2 minutes to browse to a selected computer.

    Browsing for a network printer from the add printer dialog is also very slow, or not able to complete at all.

    Anybody experienced this? If so, what did you do to fix it?

    The above happens whether the VPN client is connected or not. I do notice when the VPN client IS connected, a large amount of traffic is sent to the client computer.

    When the XP VPN client connection is deleted from network connections, normal function and speed is restored.
    Last edited by DPDogg; 03-26-06 at 02:53 PM.

  3. #3
    Moderator YeOldeStonecat's Avatar
    Join Date
    Jan 2001
    Location
    Somewhere along the shoreline in New England
    Posts
    50,877
    Sorry to not respond to your PM earlier....I'm on the road a lot this week.

    Hmmm...gotta picture it better...your SBS box, she's multi-homed...OK, you running ISA or just letting it secure NAT? Is the WAN NIC behind the cable modem getting a public IP address? Or is that cable modem a gateway device running NAT?

    Honestly, I prefer hardware VPN setups over doing server based software VPNs. If you're sandboxing something to figure it out for a full time setup down the road...I'd certainly look into hardware VPN solutions to tie the sites together, or a hardware VPN box for road warriors to VPN into from their laptops.

    Having the default gateway be your remote network when you're PPTP VPN'd in isn't a problem. I'm curious why you stuck 10.0.0.xxx in there?

    Here's a route print from my home right now, as I'm VPN'd into the building my office is located at, doing some work. I removed the last 3x octets of the public IP address of the VPN box and the DNS servers for security concerns (you'll see 69.xx.xx.xx), as I edited your post and removed your public IP also. Better to not have these hanging around on a forum. My local SBS2K3 domain at home is the 192.169.69.xx scheme, the network my office is located in is the 10.50.1.xx.

    Network browsing is naturally slower when you're VPN'd...as now you're querying 2x different networks' DNS resources. Name resolution with 2K/XP falls on DNS. As long as your DNS is set up correctly, you don't need to fiddle with the bandaid approach of editing the lmhost files.

    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\BMayo.CATSPAD>route print
    ===========================================================================
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x2 ...00 0e a6 aa a9 db ...... Intel(R) PRO/1000 CT Network Connection - Packet
    Scheduler Miniport
    0x60004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination  Netmask          Gateway        Interface      Metric
    0.0.0.0              0.0.0.0          10.50.1.111    10.50.1.111    1
    0.0.0.0              0.0.0.0          192.168.69.11  192.168.69.17  21
    10.50.1.111          255.255.255.255  127.0.0.1      127.0.0.1      50
    10.255.255.255       255.255.255.255  10.50.1.111    10.50.1.111    50
    69.xx.xx.xx          255.255.255.255  192.168.69.11  192.168.69.17  20
    127.0.0.0            255.0.0.0        127.0.0.1      127.0.0.1      1
    192.168.69.0         255.255.255.0    192.168.69.17  192.168.69.17  20
    192.168.69.17        255.255.255.255  127.0.0.1      127.0.0.1      20
    192.168.69.255       255.255.255.255  192.168.69.17  192.168.69.17  20
    224.0.0.0            240.0.0.0        192.168.69.17  192.168.69.17  20
    224.0.0.0            240.0.0.0        10.50.1.111    10.50.1.111    1
    255.255.255.255      255.255.255.255  10.50.1.111    10.50.1.111    1
    255.255.255.255      255.255.255.255  192.168.69.17  192.168.69.17  1
    Default Gateway: 10.50.1.111
    ===========================================================================
    Persistent Routes:
    None

    C:\Documents and Settings\BMayo.CATSPAD>ipconfig /all

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : sonata
    Primary Dns Suffix . . . . . . . : catspad.local
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : catspad.local
    catspad.local

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . : catspad.local
    Description . . . . . . . . . . . : Intel(R) PRO/1000 CT Network Connect
    ion
    Physical Address. . . . . . . . . : 00-0E-A6-AA-A9-DB
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 192.168.69.17
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.69.11
    DHCP Server . . . . . . . . . . . : 192.168.69.11
    DNS Servers . . . . . . . . . . . : 192.168.69.11
    Primary WINS Server . . . . . . . : 192.168.69.11
    Lease Obtained. . . . . . . . . . : Monday, March 27, 2006 7:05:34 AM
    Lease Expires . . . . . . . . . . : Tuesday, April 04, 2006 7:05:34 AM

    PPP adapter Dewart 5th:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
    Physical Address. . . . . . . . . : 00-53-45-00-00-00
    Dhcp Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 10.50.1.111
    Subnet Mask . . . . . . . . . . . : 255.255.255.255
    Default Gateway . . . . . . . . . : 10.50.1.111
    DNS Servers . . . . . . . . . . . : 69.xx.xx.xx
    69.xx.xx.xx

    C:\Documents and Settings\BMayo.CATSPAD>exit
    MORNING WOOD Lumber Company
    Guinness for Strength!!!

  4. #4
    Junior Member
    Join Date
    Mar 2006
    Posts
    4
    Very decent of you to take the time to answer my long-winded post. Keep in mind I know just enough about this stuff to be dangerous. I am trying to figure it out for my church - small budget is an understatement!

    > your SBS box, she's multi-homed - Hmm, not sure - I think only because I was sitting there and decided to try connecting my laptop via MS VPN to one of my home machines (on Fios), while it was still logged onto the SBS domain (on cable). Probably not a real world situation. Just wanted to know how to get the laptop to retrieve webpages while the VPN was active to the home machine. It bugged me not knowing how. Learning experience kind of thing. This is not real important now, and I would rather get your thoughts on the following when time allows -

    >OK, you running ISA or just letting it secure NAT? - Nic1 was connected ICS directly to the cable modem. That is [edit] poor security I guess? I just added a doorstop router last night. Now, it is cable modem > router (with appropriate ports forwarded to 1st NIC (network connection - static 192.168.2.100). The internal Server Local Area connection is set up as 192.168.16.2 and does DHCP for the internal connections. I am hoping ISA server is not needed as there is no budget for it.

    I need to be able to allow Remote Web Access for this to be useful to the church ... Kinda gives me the creeps tho ... Your thoughts on the security problems of allowing Remote Web Access? That brings me to the following workaround -

    The IP of the cable modem is, of course, dynamic. I use the NO-IP client to update the xxxx.no-ip.org IP when it changes. This is the hostname I used when I set up the email and such. That seems a real slick way to do it on the cheap. If I were to make each user also use the NO-IP client and assign each a hostname (user1xxxx.no-ip.org, user2xxxx.no-ip.org, etc), is there a way to tell the Server 2003 ICS firewall to only allow internal access to the corresponding IPs from those urls/hostnames/whateverucallem ?

    I do something similar on my home network with ZoneAlarm when I am on the road and wish to use my laptop to connect to my main home machine via remote desktop. My home machine is set up as xxxxhome.no-ip.xxx and my Laptop is set up as MyLaptopxxxx.no-ip.xxx. On my home machine, I set ZA to only allow trusted access from MyLaptopxxxx.no-ip.xxx and it seems a good free security solution (as long as nobody got my password to change my NO-IP setup). As far as I know, it should be impossible for anybody to connect to my Remote Desktop from any other IP, even if they knew my main home machine password. Yes? or just wishful thinking?

    Not to worry if you are too busy to answer this in much detail. I'll just appreciate any quick thoughts/"data bursts" you can throw my way.

    D
    Last edited by DPDogg; 03-29-06 at 10:19 AM.
