On 9/17/05, John A. Sullivan III <jsullivan@xxxxxxxxxxxxxxxxxxx> wrote: > Thank you but I don't think this helps. It looks like it is for the > name service rather than the datagram service. I would think such a > help would need to rewrite the embedded IP in the NetBIOS header and > recalculate any checksumming - John Sorry, have you tested this module? http://suif.stanford.edu/~csapuntz/ip_nat_netbios.c The only thing is that this module don't consider if it is a NetBios package or no, assumes that if it comes from udp-port 138 is a NetBios package. > > On Sat, 2005-09-17 at 02:53 +0200, Rafa Garrido wrote: > > It can that this patch of the last week help you: > > http://patchwork.netfilter.org/netfilter-devel/patch.pl?id=2859 > > It will be necessary to hope to that stable kernel appears. > > Greetings. > > > > > > On 9/16/05, John A. Sullivan III <jsullivan@xxxxxxxxxxxxxxxxxxx> wrote: > > > We have encountered an unusual situation where NetBIOS datagram packets > > > (138/udp) are being passed through an IPSec tunnel on an iptables > > > firewall but they are also being NATted by the same firewall. It > > > appears there is IP information embedded in the NetBIOS header. Thus > > > NAT causes this protocol to break because the reply packets are sent to > > > the original IP address in the NetBIOS header rather than the NAT IP > > > address in the IP header. > > > > > > I believe Cisco does have a NAT helper for NetBIOS but I have not seen > > > anything for iptables. Is there such a helper? Is there anyway for an > > > iptables firewall to NAT NetBIOS datagram packets? Thanks - John > > > -- > > > John A. Sullivan III > > > Open Source Development Corporation > > > +1 207-985-7880 > > > jsullivan@xxxxxxxxxxxxxxxxxxx > > > > > > If you would like to participate in the development of an open source > > > enterprise class network security management system, please visit > > > http://iscs.sourceforge.net > > > > > > > > > > > > -- > John A. Sullivan III > Open Source Development Corporation > +1 207-985-7880 > jsullivan@xxxxxxxxxxxxxxxxxxx > > Financially sustainable open source development > http://www.opensourcedevel.com > >
