Thank you but I don't think this helps. It looks like it is for the name service rather than the datagram service. I would think such a helper would need to rewrite the embedded IP in the NetBIOS header and recalculate any checksumming - John

On Sat, 2005-09-17 at 02:53 +0200, Rafa Garrido wrote:
> It may be that this patch from last week helps you:
> http://patchwork.netfilter.org/netfilter-devel/patch.pl?id=2859
> It will be necessary to hope that a stable kernel appears.
> Greetings.
>
> On 9/16/05, John A. Sullivan III <jsullivan@xxxxxxxxxxxxxxxxxxx> wrote:
> > We have encountered an unusual situation where NetBIOS datagram packets
> > (138/udp) are being passed through an IPSec tunnel on an iptables
> > firewall but they are also being NATted by the same firewall. It
> > appears there is IP information embedded in the NetBIOS header. Thus
> > NAT causes this protocol to break because the reply packets are sent to
> > the original IP address in the NetBIOS header rather than the NAT IP
> > address in the IP header.
> >
> > I believe Cisco does have a NAT helper for NetBIOS but I have not seen
> > anything for iptables. Is there such a helper? Is there any way for an
> > iptables firewall to NAT NetBIOS datagram packets? Thanks - John
> > --
> > John A. Sullivan III
> > Open Source Development Corporation
> > +1 207-985-7880
> > jsullivan@xxxxxxxxxxxxxxxxxxx
> >
> > If you would like to participate in the development of an open source
> > enterprise class network security management system, please visit
> > http://iscs.sourceforge.net

--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan@xxxxxxxxxxxxxxxxxxx

Financially sustainable open source development
http://www.opensourcedevel.com
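
The rewrite described in the reply above (replace the embedded source IP in the NetBIOS datagram header, then fix the checksum), as an added user-space example that is not part of the thread and not netfilter code. The field offsets follow RFC 1002 section 4.4.1 and the checksum update follows RFC 1624; the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* RFC 1002 sec. 4.4.1: MSG_TYPE(1) FLAGS(1) DGM_ID(2) SOURCE_IP(4) SOURCE_PORT(2) */
enum { NBDG_OFF_SRC_IP = 4, NBDG_MIN_LEN = 10 };

static uint16_t fold(uint32_t sum) {           /* fold carries into 16 bits */
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)sum;
}

/* Full Internet checksum over a buffer; used here only as a reference. */
uint16_t csum_full(const uint8_t *p, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2) sum += (uint32_t)(p[i] << 8 | p[i + 1]);
    if (len & 1) sum += (uint32_t)p[len - 1] << 8;
    return (uint16_t)~fold(sum);
}

/* RFC 1624 eq. 3: HC' = ~(~HC + ~m + m') for one changed 16-bit word. */
static uint16_t csum_update16(uint16_t hc, uint16_t old_w, uint16_t new_w) {
    return (uint16_t)~fold((uint32_t)(uint16_t)~hc + (uint16_t)~old_w + new_w);
}

/* Hypothetical helper: replace the embedded SOURCE_IP if it equals old_ip and
 * patch the UDP checksum (host-order value) for the payload change only; the
 * IP-header/pseudo-header change is assumed to be handled by NAT itself.
 * Returns 1 = rewritten, 0 = left alone, -1 = not a NetBIOS datagram. */
int nbdg_rewrite_src(uint8_t *pl, size_t len, const uint8_t old_ip[4],
                     const uint8_t new_ip[4], uint16_t *udp_csum) {
    if (len < NBDG_MIN_LEN || pl[0] < 0x10 || pl[0] > 0x16) return -1;
    uint8_t *ip = pl + NBDG_OFF_SRC_IP;
    if (memcmp(ip, old_ip, 4) != 0) return 0;
    if (*udp_csum != 0) {                      /* 0 = sender disabled UDP checksum */
        for (int i = 0; i < 4; i += 2)         /* offset 4 is 16-bit aligned */
            *udp_csum = csum_update16(*udp_csum, (uint16_t)(ip[i] << 8 | ip[i + 1]),
                                      (uint16_t)(new_ip[i] << 8 | new_ip[i + 1]));
        if (*udp_csum == 0) *udp_csum = 0xffff; /* 0 is reserved on the wire */
    }
    memcpy(ip, new_ip, 4);
    return 1;
}
```

Only the 16-bit words that change are fed into the checksum update, so the rest of the datagram (names and user data) is never re-read.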