Hi Ray,

Changing about 10 workstations is not always a good solution, so I found
another one (many thanks to Sebastian Wolfgarten).

iptables -I INPUT -i eth1 -p UDP --sport 137 --dport 137 -j ACCEPT
iptables -I OUTPUT -o eth1 -p UDP --dport 137 --sport 137 -j ACCEPT

Assuming eth1 is my internal network interface. Also used this for 138 and
139 (paranoia).

This should work with my other rules. Actually, I'm using Sebastian's
firewall solution, which is very interesting (www.wolfengarten.com).

Thanks,
Luciano

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On behalf of Raymond Leach
> Sent: Tuesday, May 14, 2002 02:34
> To: Netfilter; Luciano Macedo Rodrigues
> Subject: Re: MS Windows domain logon via netfilter NAT
>
> M$ 'netbios' is encapsulated in IP packets and therefore your
> router will not route the 'netbios' packet. Also M$ uses UDP
> broadcasting to find the domain server. Broadcasts are never
> routed. There are articles on technet on how to modify the hosts
> files on the workstations so that they know where to find the
> domain server. This works (almost).
>
> Ray
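
The rule pair from the message, generalized to the three NetBIOS-over-TCP/IP services and kept scoped to one internal interface, as an added example that is not part of the original e-mail. The function name netbios_rules is hypothetical, eth1 is the interface named in the message, and the script only prints the rules so they can be reviewed before being applied; the 139/tcp rules assume the firewall host itself answers session requests.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules that allow NetBIOS over
# TCP/IP to and from the firewall host itself on ONE internal interface.
# Standard port assignments:
#   137/udp name service, 138/udp datagram service, 139/tcp session service.

NETBIOS_SERVICES="udp:137 udp:138 tcp:139"

# netbios_rules IFACE  ->  one iptables command per line on stdout.
# Returns 1 if IFACE is empty or has characters outside [A-Za-z0-9._-],
# so a malformed name can never end up inside a generated command.
netbios_rules() {
    iface=$1
    case $iface in
        ''|*[!A-Za-z0-9._-]*)
            echo "bad interface name: '$iface'" >&2
            return 1 ;;
    esac
    for svc in $NETBIOS_SERVICES; do
        proto=${svc%%:*}
        port=${svc##*:}
        if [ "$proto" = udp ]; then
            # Same shape as the rules in the message: source and destination
            # port are both pinned to the service port.
            echo "iptables -I INPUT -i $iface -p udp --sport $port --dport $port -j ACCEPT"
            echo "iptables -I OUTPUT -o $iface -p udp --sport $port --dport $port -j ACCEPT"
        else
            # TCP clients connect from an ephemeral source port, so only the
            # service side of the connection is matched.
            echo "iptables -I INPUT -i $iface -p tcp --dport $port -j ACCEPT"
            echo "iptables -I OUTPUT -o $iface -p tcp --sport $port -j ACCEPT"
        fi
    done
}

# Print the rules for the internal interface used in the message.
netbios_rules eth1
```

Because every rule carries -i or -o for the internal interface, none of these ports is opened on the external side of the NAT box.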

