said by IPFW: I have 2 Vista boxes running behind a NAT router. My setup looks like the following; I have a wired box on 192.168.0.1 subnet and I have a wireless box on the 192.168.2.1 subnet.
They both have full unfiltered access to each other. I googled the procedure and the recommended services needed to be started for sharing to be enabled. Everything looks good but I can't see the public shares of either Vista box from the other. Only when browsing through the local machine under the network sharing window.
They are both on the same Workgroup. They can access each other with 'ping' and can access the internet. Everything looks good as far as I'm concerned.
Does anyone have any tips or any things that I should look at? I'm thinking that it may have something to do with the routing on the NAT router but I'm not sure what to look for to determine that. If it helps any, I'm running OpenBSD as the router.
OK...your problem is due to a couple of things. One being the fact that broadcasts do not route. That's the main purpose of a router. To separate collision and broadcast domains. Think of a broadcast domain as a segment where only machines within that segment communicate their existence to other machines within the same segment. For example...broadcasts for a second subnet for example of 192.168.1.x computers will not go out to the 192.168.0.x subnet. Same goes for the 192.168.0.x subnet. Broadcasts will only be sent to devices within that subnet.
So say for example on the second router you have your WAN IP set to 192.168.0.254 with a subnet mask of 255.255.255.0 and a default gateway of 192.168.0.1, the broadcasts from all machines on the 192.168.0.x network will reach 192.168.0.254 however due to the nature of the router, once it reaches here, it will get dropped...why? This is because the router doesn't recall any machines on the second subnet requesting that broadcast. This can cause a major problem for file sharing as you can only browse upstream and you can only do so with IP addresses not names. What I mean by that is that you can't access the 192.168.1.x subnet and further subnets down from the 192.168.0.x...at least not without the use of a VPN (Virtual Private Network). I think if you have Windows Server 2003 you might be able to set up a WINS server and configure your routers to use that to browse using NetBIOS names. Not sure how it's set up though. I know I sound smart but I don't know everything.
Another problem you have is NAT...you're using one WAN IP address to account for all the requests coming behind the second router. That can cause a headache sometimes. The only thing you have to worry about is that if you're going to do double NAT you have to double port forward. For example...port forward requests from one router to the WAN IP of the second. Then port forward from that router to a WAN IP of a router connected to that router...or in your case the LAN IP of the machine behind the second router.
Now...as far as File Sharing goes there's a couple of things you could do.
1. Set up a DMZ on the second router to point to the IP address of the computer you wish to access. This will set up all of the ports to be open. With this method, by using the WAN IP of your second router you can access that one you specified in DMZ by IP address. One thing with this...you might have to set your XP firewall to accept requests on all of the File and Printer Sharing ports from all subnets.
2. Drop the second router totally and replace it with a switch or just connect a wire straight from the PC to the one router. They will be on the same broadcast domain and will be able to access each other perfectly fine since the computer will get an IP within the same broadcast domain as your other computer.
3. Connect the cable to the LAN port on the second router instead of the WAN port and configure what was the WAN IP of the second router as the LAN IP instead. Now the router will act as a switch and the router will be part of the same broadcast domain.
Also not that you're looking to do this but I figured I'd mention this. If you wanted to create totally independent subnets you could do so with three routers. One would be the gateway router which is connected to the modem. Then you would have to router go branch off the LAN ports on that router to the WAN ports of the other two. With this method you can prevent access to the second router's subnet from the third and vice versa. Also any computers on the gateway router would not be able to access anything on the other two. This could be useful if you had two subnets that shared one common server for file sharing or mapped network drives. So you could attach a server to the first router and any routers with a WAN IP of the gateway router would work. Still have the problem of not being able to browse by NetBIOS name but it's just an idea or concept. Although a server is not required for this setup to work and I've tested it myself and it works like a charm.
Hope this helps you out and if you're confused about anything let me know so I can clarify for you.
EDIT: Added more information.
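Added example, not part of either post: a small Python check of which host pairs share a broadcast domain, and so can find each other by broadcast name discovery, versus which need an IP address or WINS. The host names and exact host addresses are constructed; only the subnets and 192.168.0.254 come from the thread.

```python
import ipaddress
from itertools import combinations

# Constructed sample hosts. Subnets follow the thread; the host names and
# the .10 addresses are assumptions made for this illustration.
HOSTS = {
    "vista-wired": "192.168.0.10/24",
    "vista-wireless": "192.168.2.10/24",
    "router-wan": "192.168.0.254/24",
}

def broadcast_domain(cidr):
    """Return (network, directed broadcast address) for an interface in CIDR form."""
    iface = ipaddress.ip_interface(cidr)
    return iface.network, iface.network.broadcast_address

def discovery_report(hosts):
    """For each host pair, report whether broadcast name discovery can work."""
    report = {}
    for (a, a_cidr), (b, b_cidr) in combinations(sorted(hosts.items()), 2):
        net_a, bcast_a = broadcast_domain(a_cidr)
        net_b, _ = broadcast_domain(b_cidr)
        ip_a = ipaddress.ip_interface(a_cidr).ip
        ip_b = ipaddress.ip_interface(b_cidr).ip
        if net_a == net_b:
            # Same subnet: one broadcast frame is seen by both hosts.
            report[(a, b)] = f"broadcast to {bcast_a} reaches both: browse by name"
        elif ip_b in net_a or ip_a in net_b:
            # Overlapping but unequal networks: the masks disagree.
            report[(a, b)] = "mask mismatch: one side treats the other as local; fix masks"
        else:
            # Distinct subnets: the router does not forward the broadcast.
            report[(a, b)] = "different subnets: broadcasts stop at the router; use IP or WINS"
    return report

if __name__ == "__main__":
    for pair, verdict in discovery_report(HOSTS).items():
        print(pair, "->", verdict)
```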