Changed from a software to a hardware firewall...now NETWORK PLACES won't display computer...

I'm sure this has a simple answer but being as network illiterate as I currently am I could use some help.

Previously I was running WinGate on a dedicated machine for NAT and its "firewall" features. This machine's first NIC was connected to a cable modem and the second NIC was connected to a switch to which the other machines on my home network were connected. All was working great including NETWORK PLACES and its display of the machines connected to the network.

To harden up my home network and to try to learn some network stuff at the same time I purchased a Cisco 501 PIX firewall appliance. I basically took down the dedicated WinGate machine and the switch. The 501 is both a firewall and a 4 port switch. The firewall and its rules took the place of the WinGate machine and its 4 port switch took the place of the stand alone switch. The only change I made to the network machines was to change from static IP addresses to dynamic using the 501's DHCP server capabilities.

The current situation is this:

The internet connectivity is working perfectly and all machines can get to the internet.
I can ping all machines using their machine names.
I can browse another computer manually using \\machinename
NETWORK PLACES comes back with a can't find server list or words to that effect.

It appears that WinGate was providing some service or feature that allowed NETWORK PLACES to work properly which is not being done by the 501 either because it doesn't support it (hard to believe) or because I have not yet configured it. I believe that the 501 has DNS and WINS capabilities which I don't know enough about but I'm thinking I might need something like this to get NETWORK PLACES working. Obviously the 501 is doing something that allows me to ping by machine name but that info doesn't appear to be getting to NETWORK PLACES.

Given this description, is there enough information to allow one of you network experts to tell me what I need to do or be looking at to get NETWORK PLACES to work as it should? What services do I need running on this simple network to make it all come together and if it's something I need to change on the networked machines (all Win2K with all upgrades and patches) what are they? Do I need any additional network software?

Many thanks for any assistance...


Re: Changed from a software to a hardware firewall...now NETWORK PLACES won't display computer names
You have Win 2K machines and what are you trying to do here that the FW
appliance is most likely not preventing? Are you trying to share resources
between machines?

And please don't give me War and Peace on your explanation.

Duane :)



Re: Changed from a software to a hardware firewall...now NETWORK PLACES won't display computer names

Duane Arnold wrote:

Thanks for responding.  I'm just trying to do exactly what I was able
to do before...open Network places and see the computers identified by
their machine name. No changes otherwise.


Re: Changed from a software to a hardware firewall...now NETWORK PLACES won't display computer names


You could use the LMHOSTS like the other poster is talking about. I read some
article on Google about that. However, I don't think the PIX has anything to do
with this and it's something happening on the machines. Did you install any
software on the machine for this other FW and networking solution you're
talking about?

It's been a long time since I last saw Win 2K but I recall something about
the Netbeui protocol being on the NIC for Win2K and Network Places showing
computer names. I could be wrong but is that network protocol on the NIC?

You might want to look up using Google what are the Windows Networking Ports
for the NT based O/S as maybe a LAN port rule you don't know about on the FW
could be blocking traffic preventing Name Resolution.

Duane :)



Re: Changed from a software to a hardware firewall...now NETWORK PLACES won't display computer names


What's the topology?  A hardware firewall shouldn't be doing anything to
local network connections, and their name resolution should not depend on
the Internet.

I'd be thinking along the lines of local security settings, perhaps due to a
W2k update?

-Russ.



Re: Changed from a software to a hardware firewall...now NETWORK PLACES won't display computer names

Somebody. wrote:


Topology is 501 connected to cable modem and 4 computers connected to
the 501's builtin switch. Two way communications OK between computers
and internet and can ping by computer name - names just don't display
in NETWORK PLACES.

The "problem" began immediately after the changeover...no changes of
any kind were made to the networked computers other than changing them
from static to dhcp...that's why I think it has something to do with
the firewall or more appropriately its configuration. I'm beginning to
wonder if the built-in 4 port switch works differently than the earlier
plain vanilla switch - is it possible that the firewall is interacting
in some way with the built-in switch such that I need to configure
"something" for NETWORK PLACES to work?

thanks


Re: Changed from a software to a hardware firewall...now NETWORK PLACES won't display computer names


It really shouldn't be, you could verify that by sticking an extra switch
between the workstations and the firewall.  Have a look at the routing
tables, I guess it's possible the router handed down a route for broadcasts?
Though I've never seen that done.  Hopefully someone who is familiar with
the 501 will chime in.

By way of a diagnostic, I think I'd change 2 machines back to static IP's,
the same ones that they were previously assigned dynamically, see if those
two can browse each other.  If so, compare their routing tables to the
dynamic machines and see if there is anything different.

Otherwise I think I'd try running ethereal on two machines and see what is
going out and what is showing up at the other side.

-Russ.
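
For reading the packet capture suggested in the post above, this added example (not part of the thread) decodes a NetBIOS name service query as it appears on UDP port 137, including the suffix byte that tells a browser-service lookup from a plain machine-name lookup. The sample packet is constructed, and the code assumes names without a NetBIOS scope ID.

```python
import struct

# 16th byte of a NetBIOS name identifies the service that registered it.
SUFFIXES = {0x00: "workstation", 0x1B: "domain master browser",
            0x1D: "master browser", 0x1E: "browser election group",
            0x20: "file server"}

def encode_name(name, suffix):
    """First-level encoding: each nibble of the padded name becomes 'A'..'P'."""
    raw = name.upper().ljust(15).encode("ascii")[:15] + bytes([suffix])
    return bytes(b for c in raw for b in (0x41 + (c >> 4), 0x41 + (c & 0x0F)))

def decode_name(encoded):
    """Reverse of encode_name; returns (name, suffix byte)."""
    if len(encoded) != 32 or any(not 0x41 <= b <= 0x50 for b in encoded):
        raise ValueError("not a first-level encoded NetBIOS name")
    raw = bytes(((encoded[i] - 0x41) << 4) | (encoded[i + 1] - 0x41)
                for i in range(0, 32, 2))
    return raw[:15].decode("ascii").rstrip(), raw[15]

def build_query(txid, name, suffix, broadcast=True):
    """Name query request as a client sends it to UDP port 137."""
    flags = 0x0100 | (0x0010 if broadcast else 0)  # recursion desired + B bit
    header = struct.pack(">HHHHHH", txid, flags, 1, 0, 0, 0)
    question = b"\x20" + encode_name(name, suffix) + b"\x00"
    return header + question + struct.pack(">HH", 0x0020, 0x0001)  # NB, IN

def parse_query(packet):
    """Decode the header flags and the first question of an NBNS packet."""
    if len(packet) < 50:
        raise ValueError("truncated NBNS packet")
    txid, flags, qdcount = struct.unpack(">HHH", packet[:6])
    if qdcount < 1 or packet[12] != 0x20 or packet[45] != 0x00:
        raise ValueError("unexpected question format")
    name, suffix = decode_name(packet[13:45])
    return {"txid": txid, "response": bool(flags & 0x8000),
            "broadcast": bool(flags & 0x0010), "name": name,
            "service": SUFFIXES.get(suffix, hex(suffix))}

# Constructed sample: a broadcast query for the workgroup's master browser name.
SAMPLE = build_query(0x1234, "WORKGROUP", 0x1D)

if __name__ == "__main__":
    print(parse_query(SAMPLE))
```

Queries for a machine name that get answered alongside master browser queries that get none would match the symptom described in the thread: ping by name works while the browse list stays empty.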



Re: Changed from a software to a hardware firewall...now NETWORK PLACES won't display computer names
Somebody. wrote:

the switch & router are not to blame, it's the DHCP vs static
assignment. go back static or map your MAC hardware addresses to
specific ip-addresses.  Once either of these is done, add your LMHOSTS and you
will not require a local DNS service.

you've got it right when you can PING other-system-name.

now your active systems will display in
networkplaces->ms-win-net->Workgroup as individual host names


--
---
Jeff B (remove the No-Spam to reply)

Re: Changed from a software to a hardware firewall...now NETWORK PLACES won't display computer names


Did you call Tech Support as the device must have some kind of 90 day
support for it?

Duane :)



Re: Changed from a software to a hardware firewall...now NETWORK PLACES won't display computer names
jim.wray@lmit.com wrote:

I effectively use static DHCP mapping to predict IP->specific host.
Then adding the names to LMHOSTS allows them to be found without the
need of a local DNS system

--
---
Jeff B (remove the No-Spam to reply)
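
The static-mapping-plus-LMHOSTS approach described above only holds while every LMHOSTS address stays pinned to its host. This added example (not from the thread) cross-checks an LMHOSTS file against the DHCP pool and reservation table; the host names, addresses, MACs and pool range are constructed, and only the `#PRE` and `#DOM:` keywords are interpreted.

```python
import ipaddress

def parse_lmhosts(text):
    """Return [(ip, NAME, tags)]; lines starting with '#' are skipped."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        tags = []
        for field in fields[2:]:
            if field.upper() == "#PRE" or field.upper().startswith("#DOM:"):
                tags.append(field.upper())
            elif field.startswith("#"):
                break  # trailing comment
        entries.append((ipaddress.ip_address(fields[0]), fields[1].upper(), tags))
    return entries

def audit(lmhosts_text, pool_start, pool_end, reservations):
    """reservations: {mac: ip} as configured on the DHCP server."""
    lo, hi = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    reserved = {ipaddress.ip_address(ip) for ip in reservations.values()}
    findings, seen = [], {}
    for ip, name, _tags in parse_lmhosts(lmhosts_text):
        if len(name) > 15:  # NetBIOS names carry at most 15 characters
            findings.append((name, "name longer than 15 characters"))
        if name in seen and seen[name] != ip:
            findings.append((name, "duplicate name with different address"))
        seen.setdefault(name, ip)
        if lo <= ip <= hi and ip not in reserved:
            findings.append((name, "address in dynamic pool without reservation"))
    return findings

# Constructed sample data.
SAMPLE_LMHOSTS = """\
# constructed sample
192.168.1.10   DESKTOP    #PRE
192.168.1.11   LAPTOP     #PRE   # reserved on the DHCP server
192.168.1.57   MEDIAPC
192.168.1.58   AVERYLONGCOMPUTERNAME
"""
SAMPLE_RESERVATIONS = {"00:11:22:33:44:55": "192.168.1.10",
                       "00:11:22:33:44:56": "192.168.1.11"}

if __name__ == "__main__":
    for finding in audit(SAMPLE_LMHOSTS, "192.168.1.2", "192.168.1.100",
                         SAMPLE_RESERVATIONS):
        print(finding)
```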

Re: Changed from a software to a hardware firewall...now NETWORK PLACES won't display computer names
I appreciate all the answers. After some more research I believe I
might have found the problem. Keep in mind that the issue only relates
to displaying a list of computers in the NETWORK PLACES window...all
other name resolution appears to be working ok. It turns out that
WinGate seems to have had a small simple minded WINS server that was
more than enough for a small network. As I understand it WINS is needed
to translate the NETBIOS names such that a browse list can be built
which NETWORK PLACES is able to use to display the networked computers.
I probably didn't say that just right but I'm sure you network gurus
know what I meant.

Now, the question is does the 501 include a similar service. In my
reading I remember something about the 501 providing WINS along with
DHCP services to the attached clients. Unfortunately I can't find the
article that discussed this and I might be totally misremembering.

Does anyone know if the 501 supports WINS without an additional server?

thanks again for your help.


Re: Changed from a software to a hardware firewall...now NETWORK PLACES won't display computer names


Well you have to think about this. A  501 is being used in business
solutions and I doubt that one would have to go through all of this just to
install the thing.

Make it easy on yourself and call Tech Support and be done with it.

Duane :)



Re: Changed from a software to a hardware firewall...now NETWORK PLACES won't display computer names


A PIX is a complex beast. Yes, it is a business solution & businesses
that use it usually have a Cisco expert on staff fluent in the CLI
command syntax to make everything work as it should. Directly out of
the box, the way I understand it, a PIX is configured to deny
everything. Commands must then be systematically entered to open
up and configure the desired services. Starting from ground zero for a
Cisco newbie is a daunting task.


If it's a new PIX he'll be entitled to 90 days tech support & after
that he'll need a SmartNet contract.

Re: Changed from a software to a hardware firewall...now NETWORK PLACES won't display computer names
gray.wizard@moria.mines wrote:


Indeed.  The Pix is probably the hardest firewall to use, and easiest to
misconfigure.  This leads people to set it up and never configure it again.

On the other hand, if you take the time to learn the Pix it is a very
good product and quite reliable.

You'd be surprised how many companies use the Pix and have no idea how
to configure it.

Scott R. Haven
Sr. Systems Engineer
Paisley Systems Inc.
managed services, consulting, and support
www.paisleysystems.com





Re: Changed from a software to a hardware firewall...now NETWORK PLACES won't display computer names


I wouldn't... I've been to lots of those and installed a FortiGate in its
place.  :-)

-Russ.



Re: Changed from a software to a hardware firewall...now NETWORK PLACES won't display computer names
On 5 Jan 2006 10:42:29 -0800, jim.wray@lmit.com wrote:


You would probably have a much better response if you were to post
this over in comp.dcom.sys.cisco and let the Cisco wizards take a
crack at this. They should be able to get you fixed up in no time.

To put it in the simplest terms your 'problem' is that you have gone
from a router to a firewall. Routers by design allow all traffic and
the admin must construct rules to block unwanted traffic. Firewalls by
design block all traffic and the admin must construct rules to allow
wanted traffic.

Your PIX is blocking your Network Neighborhood from working the way
you want it to because you have not configured the PIX to allow this
behavior. What you need are the 'magic' commands that will allow this
traffic on your network to pass through unhindered.

That's where the PIX wizards over in the Cisco newsgroup come in. I've
never owned a PIX so it's beyond my knowledge base to tell you which
commands you need. I'm sure once they tell you what you need to type
you'll be up and running in less than 3 minutes.

Good luck!
