On Mon, Mar 28, 2011 at 11:27, crocket <crockabiscuit@xxxxxxxxx> wrote:
>
> linux 2.6.38 already has nf_conntrack_netbios_ns which is the NetBIOS helper module.
> If I modprobe nf_conntrack_netbios_ns, broadcast name query reply packets are recognized as RELATED packets.
> It seems the module was already existent in 2006.
>
> ----- Original Message ----
> From: crocket <crockabiscuit@xxxxxxxxx>
> To: netfilter@xxxxxxxxxxxxxxx
> Sent: Mon, March 28, 2011 12:05:23 AM
> Subject: How can I make iptables accept SMB UDP packets from/to UDP ports 137 and 138?
>
> I want iptables to accept SMB UDP packets in a subnet.
> When samba uses SMB protocol,
> it sends out name queries as broadcast packets from high number random UDP source ports to 137 or 138 UDP port on remote hosts on the same subnet.
> Since reply packets to the broadcast packets don't come from the broadcast address for the subnet,
> iptables can't categorize reply packets as ESTABLISHED,RELATED with state match module.
> I need some helper module to make iptables recognize them as RELATED.
> Does anybody know where to find SMB Helper module?
>

Ah, I see. Then I stand corrected.

Rgds,
--
Pandu E Poluan
~ IT Optimizer ~
Visit my Blog: http://pepoluan.posterous.com
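
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not kernel code: a simplified Python model of why a unicast reply to a broadcast name query misses the tracked flow, and how a helper expectation covering the subnet lets it match as RELATED. The class and function names and all addresses and ports are constructed for illustration; the model ignores expectation timeouts and only covers UDP port 137.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Conntrack:
    """Toy model of UDP connection tracking (hypothetical, not kernel code)."""
    def __init__(self, subnet, helper_loaded):
        self.net = ipaddress.ip_network(subnet)
        self.helper_loaded = helper_loaded
        self.reply_tuples = set()   # exact reply tuples of tracked flows
        self.expectations = []      # (source network, sport, dst, dport)

    def outbound(self, p):
        # The tracked flow expects its reply to be the exact inverse tuple,
        # i.e. a packet coming *from the broadcast address*.
        self.reply_tuples.add((p.dst, p.dport, p.src, p.sport))
        is_bcast = ipaddress.ip_address(p.dst) == self.net.broadcast_address
        if self.helper_loaded and p.dport == 137 and is_bcast:
            # Helper: expect a reply from any host in the subnet, source
            # port 137, addressed back to the querying socket.
            self.expectations.append((self.net, 137, p.src, p.sport))

    def classify(self, p):
        if (p.src, p.sport, p.dst, p.dport) in self.reply_tuples:
            return "ESTABLISHED"
        for net, sport, dst, dport in self.expectations:
            if (ipaddress.ip_address(p.src) in net and p.sport == sport
                    and p.dst == dst and p.dport == dport):
                return "RELATED"
        return "NEW"  # an ESTABLISHED,RELATED accept rule will not match

def demo(helper_loaded):
    # Constructed sample traffic on a constructed /24.
    ct = Conntrack("192.168.1.0/24", helper_loaded)
    ct.outbound(Packet("192.168.1.10", 40001, "192.168.1.255", 137))
    reply = Packet("192.168.1.20", 137, "192.168.1.10", 40001)
    off_subnet = Packet("10.0.0.5", 137, "192.168.1.10", 40001)
    return ct.classify(reply), ct.classify(off_subnet)

if __name__ == "__main__":
    print("without helper:", demo(False))
    print("with helper:   ", demo(True))
```

The second packet in `demo` shows that the expectation is scoped to the subnet: a port-137 packet from an off-subnet source still classifies as NEW even with the helper modelled as loaded.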