Hi,

In my case:
1. Yes
2. About 10
3. Because I need outside access to my machine.

My problem, which I think is very similar to others related here (and I'm sorry for this cross-posting), is that I have a PDC on the same server as the ADSL connection. People edit, for example, files in the Apache directory through Samba, and I want a client to have access from outside my office. But if I have a strong firewall on this machine, the Win2k workstations don't find the domain controller. So I don't have any rules configured, just enabled all to anywhere from anywhere. I allowed 'netbios-ns,netbios-dgm,netbios-ssn,isakmp,wins,microsoft-ds' for the LAN but it still did not work... I think I'll have to open more ports.

So, any guess?

Luciano

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On behalf of Daniel Elias Robles
> Sent: Monday, May 13, 2002 09:55
> Cc: [EMAIL PROTECTED]
> Subject: Re: MS Windows domain logon via netfilter NAT
>
>
> I do not see why you need to go back to win2k for firewalling.
>
> 1.- Is the domain controller on the Internet?
> 2.- How many machines will be accessing this server?
> 3.- Why do you need to NAT?
>
>
> Daniel
>
>
> On Mon, 2002-05-13 at 08:10, Kramer wrote:
> > Thanks to all for the replies. I did find all the postings on the web
> > about NAT and NBT. I am just very surprised that nothing has already
> > been done about it. There are probably very few networks that don't
> > have at least some MS Windows presence. It seems as though this would
> > have gotten some attention by someone on the netfilter team. An
> > ip_conntrack_NBT is really needed to translate the internal addresses in
> > the NATed packets. I have Samba running successfully on other boxes but
> > don't want it on the firewall or inside. In this case I really wanted to
> > set up the private NAT subnet for many reasons. I guess I either drop
> > the NAT requirement or am very reluctantly back to using Win2K as the
> > firewall server ( or saving for a Cisco and all the license fees ).
> >
> > Jack
> >
> > Daniel Elías Robles wrote:
> >
> > > This issue has been addressed several times; the correct way to handle this
> > > is not to NAT NetBIOS traffic, due to the fact that there is no helper
> > > available -- at least at the time of this writing. This does not mean you
> > > cannot route via iptables; you can still use it, just do not NAT it.
> > >
> > > I have some large installations; several hundred computers use iptables to
> > > log into the PDC.
> > >
> > > Just expand the range of the private side of your firewall -- in case you
> > > have more than 254 hosts on your LAN --, make sure your packets can find
> > > their way back to your LAN -- router issues --, forward as needed,
> > > remember -- don't Masquerade this traffic -- "everything gonna be alright".
> > >
> > > Regards,
> > >
> > >
> > > Daniel
> > > Dominican Republic
> > > ----- Original Message -----
> > > From: "AUDEMARD Patrick" <[EMAIL PROTECTED]>
> > > To: "Kramer" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> > > Sent: Monday, May 13, 2002 3:55 AM
> > > Subject: RE: MS Windows domain logon via netfilter NAT
> > >
> > >
> > > IPtable doesn't fully support Netbios over IP.
> > >
> > > Check this article for more information.
> > >
> > > http://support.microsoft.com/default.aspx?scid=kb;en-us;Q172227
> > >
> > > Patrick AUDEMARD
> > >
> > > -----Original Message-----
> > > From: Kramer [mailto:[EMAIL PROTECTED]]
> > > Sent: Sunday, May 12, 2002 19:29
> > > To: [EMAIL PROTECTED]
> > > Subject: MS Windows domain logon via netfilter NAT
> > >
> > >
> > > I have gotten a RedHat 7.3 box operating as a router/filter to a private
> > > (192.168.132.0/24) with dhcp without too much trouble. One major
> > > problem remains that I can't find any info on. The fixes for the NAT
> > > public address reverse routing and the broadcast address fixes are
> > > already applied.
> > >
> > > Windows client hosts on the NATed LAN can't find the NT4 Domain for
> > > logon. Therefore Network Neighborhood browsing doesn't work. Strangely,
> > > direct UNC connections will work if logon credentials are not required.
> > >
> > > I am sure I am not the first to run into this. Can anyone help?
> > >
> > > Jack Kramer
> > > University of Florida
> > > Fort Lauderdale

Luciano Macedo Rodrigues
Analyst/Builder
OpenSoft - Porto Alegre/RS
