On Thu, 2006-10-19 at 10:28 -0400, Jeremy wrote: > Has anyone been able to hack netfilter in order to get it to work with > Netbios over NAT? I've been searching online and I read some posts > from 2002 that said it didn't, but I was wondering if anyone has > written anything for it recently to allow those types of connections? As far as I know, most NetBIOS functionality works across NAT except for browsing (and perhaps name registration). That seems to embed the IP address in the upper layer data. We had an interest in partially sponsoring this addition which is apparently near trivial. In the ISCS network security management project, we have a feature to map one network to another address to help resolve internal IP address conflicts. It's not a perfect solution but it helps in a pinch. The failure of browsing working across the NAT is one of its major shortcomings. Patrick McHardy was interested in writing the helper but we never found full sponsorship. If I recall, it was only around an US$800 job. I do not believe anyone else has added this functionality. It's one of the very few areas where I have found iptables falling short of the major commercial firewalls many of whom have a NetBIOS NAT helper - John -- John A. Sullivan III Open Source Development Corporation +1 207-985-7880 jsullivan@xxxxxxxxxxxxxxxxxxx If you would like to participate in the development of an open source enterprise class network security management system, please visit http://iscs.sourceforge.net
