You can't forward broadcasts... argh, funny how questions get repeated in blocks ey.. ;) he he

Try using Samba on the firewall and block all sharing on it, but allow it to broadcast/relay to the other network using "remote announce" on the firewall..

Just another thought, this usually means that the firewall MUST be the master browser of the domain/workgroup.. forget this if you have a PDC, as it always wants to win the election and this method will not then work... but you could try it..

Thanks,
____________________________________________
George Vieira
Systems Manager
georgev@xxxxxxxxxxxxxxxxxxxxxx

Citadel Computer Systems Pty Ltd
http://www.citadelcomputer.com.au

-----Original Message-----
From: chad@xxxxxxxxx [mailto:chad@xxxxxxxxx]
Sent: Tuesday, June 03, 2003 12:23 AM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: broadcasting netbios into a dmz

I have an interesting problem. We are trying to forward NetBIOS packets from a single host to our dmz, without much success. We have our protected network on eth1 and the DMZ is attached to eth0. We have one host that we would like to broadcast via both apple talk and NetBIOS, but we don't want to let all netbios/apple talk traffic out to the DMZ. I came up with the following statements:

$IPT -A FORWARD -i $localnet -o eth0+ -p udp --sport 137:139 -d 128.59.47.127 --dport 137:139 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

$IPT -t nat -A PREROUTING -p udp -s 10.0.0.137 --sport 137:139 -j DNAT --to 128.59.47.127:137:139

but it doesn't work. Any ideas?

C
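
A sketch of the smb.conf [global] section that the "remote announce" suggestion in the reply points at, added here as an example and not taken from either poster's configuration. The workgroup and NetBIOS names are placeholders, eth1/eth0 and 128.59.47.127 are taken from the original question, and treating 128.59.47.127 as the DMZ broadcast address is an assumption.

```ini
[global]
   # Placeholder names; replace with the real workgroup and host name.
   workgroup = EXAMPLEGROUP
   netbios name = FIREWALL

   # From the original question: eth1 = protected network, eth0 = DMZ.
   interfaces = eth1 eth0
   bind interfaces only = yes

   # Let nmbd try to win the browser election, as the reply suggests.
   # With a PDC on the segment this election will be lost.
   local master = yes
   preferred master = yes
   os level = 65
   domain master = no

   # nmbd periodically announces this Samba host to the given
   # address under the given workgroup name.
   remote announce = 128.59.47.127/EXAMPLEGROUP

   # "Block all sharing": define no share sections, load no printers,
   # and refuse every client connection to smbd.
   load printers = no
   hosts deny = 0.0.0.0/0
```

The announcements are generated by nmbd on the firewall itself, so in netfilter they pass through the OUTPUT chain on eth0 rather than FORWARD. Running `testparm` against the file checks the parameter names before nmbd is restarted.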