From: "John A. Sullivan III" <john.sullivan@nexusmgmt.com>
To: bassam@palettemm.com
Cc: netfilter@lists.netfilter.org
Subject: Re: How to DNAT the only NetBios broadcast traffic (03:00:00:00:00:01)??
Date: Mon, 14 Jun 2004 10:45:43 -0400
Message-ID: <1087224343.5243.39.camel@localhost>
In-Reply-To: <001b01c451c5$3c734150$1d01a8c0@palettemm.com>
On Mon, 2004-06-14 at 00:08, Bassam A. Al-Khaffaf wrote:
> Dear All,
>
> I am implementing a Linux box gateway that launches my own firewall (I
> wrote my own iptables rules). The gateway connects two LANs, LAN1:
> 192.168.1.0/24 and LAN2: 192.168.0.0/24. LAN1 contains a windows 2000
> server domain controller IP: 192.168.1.231 and LAN2 contains my
> clients based on windows xp.
>
>
>
> In fact I got stuck on how to forward ONLY and ONLY the NETBIOS
> broadcast traffic (03:00:00:00:00:01) from any machine on LAN2 to the
> domain controller on LAN1. Take note that the NETBIOS traffic is
> carried on IEEE 802.3 Ethernet.
>
>
>
> I wrote the following iptables rule, but here all the traffic will be
> directed from LAN2 to the domain controller on LAN1
>
> iptables -t nat -A PREROUTING -i eth1 -j DNAT --to-destination 192.168.1.231
>
>
>
> So can anybody help me on how I can forward the traffic with
> destination MAC address 03:00:00:00:00:01 from LAN2 to the domain
> controller (192.168.1.231) on LAN1?
>
>
<snip>
I have always used some kind of NetBIOS Name Service in a routed
environment just so that I do not have to handle the broadcasts. In
fact, I usually do this in a large switched environment as well to
minimize the broadcast traffic.
Where it is absolutely necessary, I have implemented a UDP helper to
turn the broadcast packets into unicast packets (similar to DHCP relay).
--
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@nexusmgmt.com
---
If you are interested in helping to develop a GPL enterprise class
VPN/Firewall/Security device management console, please visit
http://iscs.sourceforge.net
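
The UDP helper idea from the reply above, as an added example (not code from the thread or from anyone's deployment). It assumes the clients use NetBIOS over TCP/IP, so name-service broadcasts arrive on UDP port 137 with the 16-bit transaction ID of RFC 1002 in the first two bytes; the class name, the port and the listening address are assumptions, while the subnet and domain controller address are the ones given in the question.

```python
import ipaddress
import select
import socket

class UdpHelper:
    """Relay UDP datagrams heard on the client segment to one server as unicast."""

    def __init__(self, listen_addr, server_addr, client_net, max_pending=1024):
        self.server = server_addr                    # (ip, port) tuple of the server
        self.client_net = ipaddress.ip_network(client_net)
        self.max_pending = max_pending
        self.pending = {}                            # transaction id -> client (ip, port)
        self.down = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)  # client-facing
        self.down.bind(listen_addr)
        self.up = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)    # server-facing
        self.up.bind(("", 0))

    def step(self, timeout=1.0):
        """Handle whatever is readable; return the list of actions taken."""
        actions = []
        ready, _, _ = select.select([self.down, self.up], [], [], timeout)
        for sock in ready:
            data, peer = sock.recvfrom(2048)
            if len(data) < 12:                       # shorter than the 12-byte header
                actions.append("drop-short")
                continue
            txid = data[:2]                          # transaction ID, echoed in replies
            if sock is self.down:
                if ipaddress.ip_address(peer[0]) not in self.client_net:
                    actions.append("drop-foreign")   # not from the client subnet
                    continue
                if len(self.pending) >= self.max_pending:
                    self.pending.pop(next(iter(self.pending)))  # evict oldest entry
                self.pending[txid] = peer
                self.up.sendto(data, self.server)    # broadcast becomes unicast here
                actions.append("to-server")
            elif peer == self.server and txid in self.pending:
                self.down.sendto(data, self.pending.pop(txid))
                actions.append("to-client")
            else:
                actions.append("drop-unsolicited")   # no matching request on record
        return actions

if __name__ == "__main__":
    # Assumed deployment: run on the gateway; binding port 137 needs root.
    helper = UdpHelper(("0.0.0.0", 137), ("192.168.1.231", 137), "192.168.0.0/24")
    while True:
        helper.step()
```

The source-subnet check and the transaction-ID match keep the helper from relaying arbitrary traffic toward the domain controller or unsolicited answers back to clients.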