Thanks to all for the replies.  I did find all the postings on the web 
about NAT and NBT.  I am just very surprised that nothing has already 
been done about it.  There are probably very few networks that don't 
have at least some MS Windows presence.  It seems as though this would 
have gotten some attention by someone on the netfilter team.  An 
ip_conntrack_NBT is really needed to translate the internal addresses in 
the NATed packets.  I have Samba running successfully on other boxes but 
don't want it on the firewall or inside.  In this case I really wanted to 
set up the private NAT subnet for many reasons.  I guess I either drop 
the NAT requirement or am very reluctantly back to using Win2K as the 
firewall server (or saving for a Cisco and all the license fees).

Jack

Daniel Elías Robles wrote:

> This issue has been addressed several times; the correct way to handle this
> is not to NAT NetBIOS traffic, due to the fact that there is no helper
> available -- at least at the time of this writing --. This does not mean you
> cannot route via iptables; you can still use it, just do not NAT it.
> 
> I have some large installations; several hundred computers use iptables to
> log into the PDC.
> 
> Just expand the range of the private side of your firewall -- in case you
> have more than 254 hosts on your LAN --, make sure your packets can find
> their way back to your LAN -- router issues --, forward as needed,
> remember -- don't Masquerade this traffic -- "everything gonna be all right".
> 
> Regards,
> 
> 
> Daniel
> Dominican Republic
> ----- Original Message -----
> From: "AUDEMARD Patrick" <[EMAIL PROTECTED]>
> To: "Kramer" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Monday, May 13, 2002 3:55 AM
> Subject: RE: MS Windows domain logon via netfilter NAT
> 
> 
> iptables doesn't fully support NetBIOS over IP.
> 
> Check this article for more information.
> 
> http://support.microsoft.com/default.aspx?scid=kb;en-us;Q172227
> 
> Patrick AUDEMARD
> 
> -----Original Message-----
> From: Kramer [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, May 12, 2002 19:29
> To: [EMAIL PROTECTED]
> Subject: MS Windows domain logon via netfilter NAT
> 
> 
> I have gotten a RedHat 7.3 box operating as a router/filter to a private
> (192.168.132.0/24) with dhcp without too much trouble.  One major
> problem remains that I can't find any info on.  The fixes for the NAT
> public address reverse routing and the broadcast address fixes are
> already applied.
> 
> Windows client hosts on the NATed LAN can't find the NT4 Domain for
> logon.  Therefore Network Neighborhood browsing doesn't work.  Strangely,
> direct UNC connections will work if logon credentials are not required.
> 
> I am sure I am not the first to run into this.  Can anyone help?
> 
> Jack Kramer
> University of Florida
> Fort Lauderdale
> 
> 
> 
> 
> 
> 
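Added example, not part of the original thread: a short Python parser for the NetBIOS datagram header (UDP 138, layout as in RFC 1002) that shows why header-only NAT breaks this traffic. The sender's address is carried inside the payload as SOURCE_IP, and without a helper it is left unchanged. The host name, domain name and the public address 203.0.113.10 are constructed sample values.

```python
import socket
import struct

MSG_TYPES = {0x10: "DIRECT_UNIQUE", 0x11: "DIRECT_GROUP", 0x12: "BROADCAST"}
HEADER = struct.Struct("!BBH4sHHH")  # type, flags, id, SOURCE_IP, port, length, offset

def encode_name(name, suffix):
    """First-level encoding: 15 padded chars + suffix byte -> 32 letters A..P."""
    raw = name.upper().ljust(15).encode("ascii") + bytes([suffix])
    half = b"".join(bytes([0x41 + (b >> 4), 0x41 + (b & 0x0F)]) for b in raw)
    return b"\x20" + half + b"\x00"

def decode_name(buf, off):
    """Return (name, suffix, next_offset) for the encoded name at buf[off]."""
    if buf[off] != 0x20 or buf[off + 33] != 0x00:
        raise ValueError("not a plain 32-byte NetBIOS name")
    enc = buf[off + 1:off + 33]
    if any(not 0x41 <= c <= 0x50 for c in enc):
        raise ValueError("bad name encoding")
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41) for i in range(0, 32, 2))
    return raw[:15].decode("ascii").rstrip(), raw[15], off + 34

def parse_datagram(payload):
    """Parse the header and both names of a direct NetBIOS datagram."""
    if len(payload) < HEADER.size + 68:
        raise ValueError("truncated datagram")
    mtype, _flags, _id, ip, port, _len, _off = HEADER.unpack_from(payload)
    if mtype not in MSG_TYPES:
        raise ValueError("not a direct datagram")
    src, src_sfx, nxt = decode_name(payload, HEADER.size)
    dst, dst_sfx, _ = decode_name(payload, nxt)
    return {"type": MSG_TYPES[mtype], "source_ip": socket.inet_ntoa(ip), "source_port": port,
            "source_name": (src, src_sfx), "dest_name": (dst, dst_sfx)}

def nat_left_stale_address(outer_src_ip, payload):
    """True when the IP header source differs from the SOURCE_IP in the payload."""
    return parse_datagram(payload)["source_ip"] != outer_src_ip

def build_sample(src_ip):
    """Constructed datagram: host WS01 addressing the group name EXAMPLEDOM<1C>."""
    names = encode_name("WS01", 0x00) + encode_name("EXAMPLEDOM", 0x1C)
    body = names + b"\x00" * 8  # constructed filler in place of real user data
    return HEADER.pack(0x11, 0x02, 1, socket.inet_aton(src_ip), 138, len(body), 0) + body

if __name__ == "__main__":
    pkt = build_sample("192.168.132.25")  # constructed host on the thread's LAN
    print(parse_datagram(pkt))
    # 203.0.113.10 is a constructed public address standing in for the firewall
    print(nat_left_stale_address("203.0.113.10", pkt))
```

When the traffic is routed without NAT, the IP header source and the embedded SOURCE_IP stay in agreement and the check returns False.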


