Ubuntu's UFW firewall is easy to use and by default allows replies to established connections. Unfortunately—and this is where Pascal's tip fits in—it doesn't recognize responses to broadcasts, because iptables lacks this feature. Therefore adding "nf_conntrack_netbios_ns" to UFW's default parameter 'IPT_MODULES' in /etc/default/ufw fixes the NetBIOS hostname resolution functionality.

Pascal, thanks for your valuable suggestion!

Joris

> Date: Tue, 25 Nov 2008 12:08:38 +0100
> From: pascal.mail@xxxxxxxxxxxxxxx
> To: netfilter@xxxxxxxxxxxxxxx
> Subject: Re: Tracking broadcasting replies *only* using 'conntrack'
>
> Joris Korbeeck wrote:
>>
>> But unfortunately 'conntrack' doesn't recognize the sender's IP
>> address (e.g. 192.168.1.3) as a 'member' of 192.168.1.255. Does anyone
>> have a solution to allow these replies to hostname resolution requests
>> which make use of random ports?
>
> Indeed conntrack does not handle broadcasts. You need to load the
> NetBIOS Name Service conntrack helper module ip_conntrack_netbios_ns (on
> older kernels) or nf_conntrack_netbios_ns (on newer kernels).
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
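
The change Joris describes, as an added example that is not part of the original post: a shell function that appends a module to `IPT_MODULES` only when it is missing, so repeated runs leave the file unchanged. The function names and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: idempotently add a conntrack helper to IPT_MODULES.
# Run it against a copy first; the live file is /etc/default/ufw (root-owned).

# current_modules FILE: print the module list from the last IPT_MODULES line.
current_modules() {
    sed -n 's/^IPT_MODULES="\(.*\)"[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# has_module FILE MODULE: succeed only on a whole-word match in the list.
has_module() {
    case " $(current_modules "$1") " in
        *" $2 "*) return 0 ;;
    esac
    return 1
}

# add_ufw_module FILE MODULE: returns 0 if MODULE is listed afterwards.
add_ufw_module() {
    file=$1 module=$2
    [ -r "$file" ] || return 1
    # Module names are plain identifiers; refuse anything sed could misread.
    case $module in ''|*[!A-Za-z0-9_]*) return 1 ;; esac
    has_module "$file" "$module" && return 0      # already present
    tmp=$(mktemp) || return 1
    if grep -q '^IPT_MODULES="' "$file"; then
        # Append inside the existing quotes; the second expression tidies an
        # empty list so the result has no leading space.
        sed -e "s/^IPT_MODULES=\"\(.*\)\"[[:space:]]*\$/IPT_MODULES=\"\1 $module\"/" \
            -e 's/^IPT_MODULES=" /IPT_MODULES="/' "$file" > "$tmp"
    else
        { cat "$file"; printf 'IPT_MODULES="%s"\n' "$module"; } > "$tmp"
    fi
    cat "$tmp" > "$file"      # overwrite in place: keeps owner and mode
    rm -f "$tmp"
    has_module "$file" "$module"
}

# Demo on a constructed sample file, not the live configuration.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'IPT_MODULES="nf_conntrack_ftp nf_nat_ftp"' > "$sample"
add_ufw_module "$sample" nf_conntrack_netbios_ns
add_ufw_module "$sample" nf_conntrack_netbios_ns   # second call is a no-op
current_modules "$sample"
rm -f "$sample"
```

After editing the real file, `ufw reload` is needed before the module list takes effect, and `lsmod | grep nf_conntrack_netbios_ns` confirms the helper is loaded.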