On Mon, 2004-06-14 at 00:08, Bassam A. Al-Khaffaf wrote:
> Dear All,
>
> I am implementing a Linux box gateway that launches my own firewall (I
> wrote my own iptables rules). The gateway connects two LANs, LAN1:
> 192.168.1.0/24 and LAN2: 192.168.0.0/24. LAN1 contains a Windows 2000
> Server domain controller, IP 192.168.1.231, and LAN2 contains my
> clients based on Windows XP.
>
> In fact I got stuck on how to forward ONLY and ONLY the NetBIOS
> broadcast traffic (03:00:00:00:00:01) from any machine on LAN2 to the
> domain controller on LAN1. Take note that the NetBIOS traffic is
> carried on IEEE 802.3 Ethernet.
>
> I wrote the following iptables rule, but here all the traffic will be
> directed from LAN2 to the domain controller on LAN1:
>
>     iptables -t nat -A PREROUTING -i eth1 -j DNAT --to-destination 192.168.1.231
>
> So can anybody help me on how I can forward the traffic with
> destination MAC address 03:00:00:00:00:01 from LAN2 to the domain
> controller (192.168.1.231) on LAN1?
>
> <snip>

I have always used some kind of NetBIOS Name Service in a routed
environment just so that I do not have to handle the broadcasts. In
fact, I usually do this in a large switched environment as well to
minimize the broadcast traffic. Where it is absolutely necessary, I have
implemented a UDP helper to turn the broadcast packets into unicast
packets (similar to DHCP relay).
--
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@xxxxxxxxxxxxx
---
If you are interested in helping to develop a GPL enterprise class
VPN/Firewall/Security device management console, please visit
http://iscs.sourceforge.net
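An added example, written for this page and not part of either message above, of the "UDP helper" the reply describes. Two points frame it: the 03:00:00:00:00:01 functional address in the question belongs to NetBIOS over 802.2/NetBEUI, which carries no IP header and cannot cross an IP router at all, so only NetBIOS over TCP/IP (name service on UDP 137, datagram service on UDP 138) can be relayed; and the Linux forwarding path drops packets that arrived with a link-layer broadcast destination, so a PREROUTING DNAT rule on its own cannot redirect those broadcasts. The helper below accepts NBNS name queries that are broadcast on the client LAN, resends them as unicast to the domain controller, clears the B flag so the server treats the query as directed, and returns the reply to the originating client keyed on the 16-bit NAME_TRN_ID, much like a DHCP relay. The server address 192.168.1.231 comes from the thread; the listen address, the transaction timeout, the name encoder and the sample query built in the test are assumptions and constructed data.

```python
#!/usr/bin/env python3
"""NetBIOS name-service (UDP/137) broadcast-to-unicast relay.

Added example for the thread above; not the poster's or the responder's code.
Header layout follows RFC 1002 section 4.2.1.1: NAME_TRN_ID, FLAGS (R, OPCODE,
NM_FLAGS, RCODE), QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT, each 16 bits big-endian.
"""
import select
import socket
import struct
import time

NBNS_PORT = 137
NAME_SERVER = "192.168.1.231"   # domain controller on LAN1 (from the thread)
TID_TTL = 5.0                   # seconds a client transaction is remembered (assumed)
FLAG_RESPONSE = 0x8000          # R bit
FLAG_RD = 0x0100                # NM_FLAGS.RD
FLAG_BROADCAST = 0x0010         # NM_FLAGS.B

def parse_nbns_header(datagram):
    """Return (trn_id, is_response, opcode, broadcast, qdcount), or None when
    the datagram is too short to carry a 12-byte NBNS header."""
    if len(datagram) < 12:
        return None
    trn_id, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", datagram[:12])
    return (trn_id, bool(flags & FLAG_RESPONSE), (flags >> 11) & 0x0F,
            bool(flags & FLAG_BROADCAST), qdcount)

def should_relay(datagram):
    """Relay only client requests (R=0) that carry at least one question;
    anything else on the client side (responses, junk) is dropped."""
    hdr = parse_nbns_header(datagram)
    return hdr is not None and not hdr[1] and hdr[4] >= 1

def clear_broadcast_flag(datagram):
    """Clear NM_FLAGS.B so the server sees a directed query, not a broadcast."""
    flags = struct.unpack("!H", datagram[2:4])[0] & ~FLAG_BROADCAST
    return datagram[:2] + struct.pack("!H", flags) + datagram[4:]

def encode_netbios_name(name, suffix=0x20):
    """First-level encoding: 15-char space-padded name plus suffix byte, each
    nibble mapped to 'A'..'P', wrapped as a single 32-byte label."""
    raw = name.upper().ljust(15)[:15].encode("ascii") + bytes([suffix])
    enc = b"".join(bytes([(b >> 4) + 0x41, (b & 0x0F) + 0x41]) for b in raw)
    return b"\x20" + enc + b"\x00"

def build_name_query(trn_id, name, broadcast=True):
    """Constructed NAME QUERY REQUEST (QTYPE NB=0x0020, QCLASS IN) used as test input."""
    flags = FLAG_RD | (FLAG_BROADCAST if broadcast else 0)
    header = struct.pack("!HHHHHH", trn_id, flags, 1, 0, 0, 0)
    return header + encode_netbios_name(name) + struct.pack("!HH", 0x0020, 0x0001)

class RelayTable:
    """trn_id -> (client address, expiry). Entries expire so a late or
    replayed server reply cannot be handed to a client whose id was reused."""
    def __init__(self, ttl=TID_TTL):
        self.ttl = ttl
        self.entries = {}

    def remember(self, trn_id, client, now=None):
        now = time.monotonic() if now is None else now
        self.entries[trn_id] = (client, now + self.ttl)

    def lookup(self, trn_id, now=None):
        """Return the client for trn_id once (entry is consumed), else None."""
        now = time.monotonic() if now is None else now
        for tid in [t for t, (_, exp) in self.entries.items() if exp <= now]:
            del self.entries[tid]
        hit = self.entries.pop(trn_id, None)
        return hit[0] if hit else None

def run_relay(listen_addr="0.0.0.0", server=NAME_SERVER):
    """Relay loop. Binding 0.0.0.0:137 is what lets the socket receive the
    clients' broadcasts; a production deployment would additionally pin the
    socket to the LAN2 interface and must not run beside nmbd on the same port."""
    table = RelayTable()
    client_side = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client_side.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    client_side.bind((listen_addr, NBNS_PORT))
    server_side = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server_side.bind(("0.0.0.0", 0))    # ephemeral port; the server's reply lands here
    while True:
        ready, _, _ = select.select([client_side, server_side], [], [])
        for sock in ready:
            data, addr = sock.recvfrom(4096)
            if sock is client_side:
                if not should_relay(data):
                    continue
                table.remember(parse_nbns_header(data)[0], addr)
                server_side.sendto(clear_broadcast_flag(data), (server, NBNS_PORT))
            else:
                hdr = parse_nbns_header(data)
                # accept only responses, and only from the configured server
                if hdr is None or not hdr[1] or addr[0] != server:
                    continue
                client = table.lookup(hdr[0])
                if client is not None:
                    client_side.sendto(data, client)   # reply from port 137, as clients expect

if __name__ == "__main__":
    run_relay()
```

Running it on the gateway needs the privilege to bind port 137, and the FORWARD chain can stay closed to NetBIOS entirely: the relay is the only path between the two LANs for name queries, and only answers from the configured server are passed back, which is a narrower exposure than a blanket DNAT of everything arriving on eth1.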