Changed from a software to a hardware firewall...now NETWORK PLACES won't display computer names

I'm sure this has a simple answer but being as network illiterate as I currently am I could use some help.

Previously I was running WinGate on a dedicated machine for NAT and its "firewall" features. This machine's first NIC was connected to a cable modem and the second NIC was connected to a switch to which the other machines on my home network were connected. All was working great including NETWORK PLACES and its display of the machines connected to the network.

To harden up my home network and to try to learn some network stuff at the same time I purchased a Cisco 501 PIX firewall appliance. I basically took down the dedicated WinGate machine and the switch. The 501 is both a firewall and a 4 port switch. The firewall and its rules took the place of the WinGate machine and its 4 port switch took the place of the stand alone switch. The only change I made to the network machines was to change from static IP addresses to dynamic using the 501's DHCP server capabilities.

The current situation is this:

The internet connectivity is working perfectly and all machines can get to the internet. I can ping all machines using their machine names. I can browse another computer manually using \\machinename. NETWORK PLACES comes back with a can't find server list or words to that effect.

It appears that WinGate was providing some service or feature that allowed NETWORK PLACES to work properly which is not being done by the 501 either because it doesn't support it (hard to believe) or because I have not yet configured it. I believe that the 501 has DNS and WINS capabilities which I don't know enough about but I'm thinking I might need something like this to get NETWORK PLACES working. Obviously the 501 is doing something that allows me to ping by machine name but that info doesn't appear to be getting to NETWORK PLACES.

Given this description, is there enough information to allow one of you network experts to tell me what I need to do or be looking at to get NETWORK PLACES to work as it should? What services do I need running on this simple network to make it all come together and if it's something I need to change on the networked machines (all Win2K with all upgrades and patches) what are they? Do I need any additional network software?

many thanks for any assistance...

Reply to
jim.wray

You have Win 2K machines and what are you trying to do here that the FW appliance is most likely not preventing? Are you trying to share resources between machines?

And please don't give me War and Peace on your explanation.

Duane :)

Reply to
Duane Arnold

Thanks for responding. I'm just trying to do exactly what I was able to do before...open Network places and see the computers identified by their machine name. No changes otherwise.

Reply to
xwray

I effectively use static DHCP mapping to predict IP->specific host. Then adding the names to LMHOSTS allows them to be found without the need of a local DNS system.

Reply to
Jeff B

You could use the LMHOSTS like the other poster is talking about. I read some article on Google about that. However, I don't think the PIX has anything to do with this and it's something happening on the machines. Did you install any software on the machine for this other FW and networking solution you're talking about?

It's been a long time since I last saw Win 2K but I recall something about the NetBEUI protocol being on the NIC for Win2K and Network Places showing computer names. I could be wrong but is that network protocol on the NIC?

You might want to look up using Google what are the Windows Networking Ports for the NT based O/S as maybe a LAN port rule you don't know about on the FW could be blocking traffic preventing Name Resolution.

Duane :)

Reply to
Duane Arnold

What's the topology? A hardware firewall shouldn't be doing anything to local network connections, and their name resolution should not depend on the Internet.

I'd be thinking along the lines of local security settings, perhaps due to a W2k update?

-Russ.

Reply to
Somebody.

Topology is 501 connected to cable modem and 4 computers connected to the 501's builtin switch. Two way communications OK between computers and internet and can ping by computer name - names just don't display in NETWORK PLACES.

The "problem" began immediately after the changeover...no changes of any kind were made to the networked computers other than changing them from static to dhcp...that's why I think it has something to do with the firewall or more appropriately its configuration. I'm beginning to wonder if the builtin 4 port switch works differently than the earlier plain vanilla switch - is it possible that the firewall is interacting in some way with the builtin switch such that I need to configure "something" for NETWORK PLACES to work?

thanks

Reply to
xwray

It really shouldn't be, you could verify that by sticking an extra switch between the workstations and the firewall. Have a look at the routing tables, I guess it's possible the router handed down a route for broadcasts? Though I've never seen that done. Hopefully someone who is familiar with the 501 will chime in.

By way of a diagnostic, I think I'd change 2 machines back to static IP's, the same ones that they were previously assigned dynamically, see if those two can browse each other. If so, compare their routing tables to the dynamic machines and see if there is anything different.

Otherwise I think I'd try running ethereal on two machines and see what is going out and what is showing up at the other side.

-Russ.

Reply to
Somebody.

Did you call Tech Support as the device must have some kind of 90 day support for it?

Duane :)

Reply to
Duane Arnold

the switch & router are not to blame, it's the DHCP vs static assignment. go back static or map your MAC hardware addresses to specific ip-addresses. Once either of these, add your LMHOSTS and you will not require a local DNS service.

you've got it right when you can PING other-system-name.

now your active systems will display in networkplaces->ms-win-net->Workgroup as individual host names

Reply to
Jeff B
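
The static-mapping-plus-LMHOSTS approach from the posts above, as an added example that is not part of the original thread: it checks a table of MAC-to-IP reservations for conflicts and emits matching LMHOSTS lines. The host names, MAC addresses, the 192.168.1.0/24 subnet and the plain-names-only rule are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample reservations (not from the thread): name -> (MAC, fixed IP).
RESERVATIONS = {
    "desktop1": ("00:11:22:33:44:01", "192.168.1.11"),
    "laptop2": ("00:11:22:33:44:02", "192.168.1.12"),
    "FILESRV": ("00:11:22:33:44:03", "192.168.1.13"),
}
LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed inside subnet
MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")
# Conservative choice for this example: plain names only, so no quoting is needed.
# NetBIOS computer names are at most 15 characters long.
NAME_RE = re.compile(r"[A-Za-z0-9-]{1,15}")


def lmhosts_line(name, ip, preload=True):
    """Return one LMHOSTS entry; raise ValueError for input that cannot work."""
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"not a usable NetBIOS name: {name!r}")
    addr = ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    if addr not in LAN:
        raise ValueError(f"{ip} is outside {LAN}")
    # #PRE preloads the entry into the NetBIOS name cache.
    return f"{addr}\t{name.upper()}" + ("\t#PRE" if preload else "")


def build_lmhosts(reservations):
    """Check that every name, MAC and IP is unique, then emit the file body."""
    seen = set()
    lines = []
    for name in sorted(reservations, key=str.upper):
        mac, ip = reservations[name]
        if not MAC_RE.fullmatch(mac):
            raise ValueError(f"bad MAC for {name}: {mac!r}")
        for key in (("name", name.upper()), ("mac", mac.lower()), ("ip", ip)):
            if key in seen:
                raise ValueError(f"duplicate {key[0]}: {key[1]}")
            seen.add(key)
        lines.append(lmhosts_line(name, ip))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_lmhosts(RESERVATIONS), end="")
```

On Windows 2000 the output belongs in `%SystemRoot%\system32\drivers\etc\lmhosts`, and `nbtstat -R` reloads the `#PRE` entries without a reboot.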

You would probably have a much better response if you were to post this over in comp.dcom.sys.cisco and let the Cisco wizards take a crack at this. They should be able to get you fixed up in no time.

To put it in the simplest terms your 'problem' is that you have gone from a router to a firewall. Routers by design allow all traffic and the admin must construct rules to block unwanted traffic. Firewalls by design block all traffic and the admin must construct rules to allow wanted traffic.

Your PIX is blocking your Network Neighborhood from working the way you want it to because you have not configured the PIX to allow this behavior. What you need are the 'magic' commands that will allow this traffic on your network to pass through unhindered.

That's where the PIX wizards over in the Cisco newsgroup come in. I've never owned a PIX so it's beyond my knowledge base to tell you which commands you need. I'm sure once they tell you what you need to type you'll be up and running in less than 3 minutes.

Good luck!

Reply to
gray.wizard

I appreciate all the answers. After some more research I believe I might have found the problem. Keep in mind that the issue only relates to displaying a list of computers in the NETWORK PLACES window...all other name resolution appears to be working ok. It turns out that WinGate seems to have had a small simple minded WINS server that was more than enough for a small network. As I understand it WINS is needed to translate the NETBIOS names such that a browse list can be built which NETWORK PLACES is able to use to display the networked computers. I probably didn't say that just right but I'm sure you network gurus know what I meant.

Now, the question is does the 501 include a similar service. In my reading I remember something about the 501 providing WINS along with DHCP services to the attached clients. Unfortunately I can't find the article that discussed this and I might be totally misremembering.

Does anyone know if the 501 supports WINS without an additional server?

thanks again for your help.

Reply to
xwray

Well you have to think about this. A 501 is being used in business solutions and I doubt that one would have to go through all of this just to install the thing.

Make it easy on yourself and call Tech Support and be done with it.

Duane :)

Reply to
Duane Arnold

A PIX is a complex beast. Yes, it is a business solution & businesses that use it usually have a Cisco expert on staff fluent in the CLI command syntax to make everything work as it should. Directly out of the box, the way I understand it, a PIX is configured to deny everything. Commands must then be systematically entered to open up and configure the desired services. Starting from ground zero for a Cisco newbie is a daunting task.

If it's a new PIX he'll be entitled to 90 days tech support & after that he'll need a SmartNet contract.

Reply to
gray.wizard

Indeed. The Pix is probably the hardest firewall to use, and easiest to misconfigure. This leads people to set it up and never configure it again.

On the other hand, if you take the time to learn the Pix it is a very good product and quite reliable.

You'd be surprised how many companies use the Pix and have no idea how to configure it.

Scott R. Haven Sr. Systems Engineer Paisley Systems Inc. managed services, consulting, and support


Reply to
Scott R. Haven

I wouldn't... I've been to lots of those and installed a FortiGate in its place. :-)

-Russ.

Reply to
Somebody.
