linux 2.6.38 already has nf_conntrack_netbios_ns which is the NetBIOS helper
module.
If I modprobe nf_conntrack_netbios_ns, broadcast name query reply packets are
recognized as RELATED packets.
It seems the module was already existent in 2006.
----- Original Message ----
From: crocket <crockabiscuit@xxxxxxxxx>
To: netfilter@xxxxxxxxxxxxxxx
Sent: Mon, March 28, 2011 12:05:23 AM
Subject: How can I make iptables accept SMB UDP packets from/to UDP ports 137
and 138?
I want iptables accept SMB UDP packets in a subnet.
When samba uses SMB protocol,
it sends out name queries as broadcast packets from high number random UDP
source ports to 137 or 138 UDP port on remote hosts on the same subnet.
Since reply packets to the broadcast packets don't come from the broadcast
address for the subnet,
iptables can't categorize reply packets as ESTABLISHED,RELATED with state match
module.
I need some helper module to make iptables recognize them as RELATED.
Does anybody know where to find SMB Helper module?
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
