* How to DNAT the only NetBios broadcast traffic (03:00:00:00:00:01)??
@ 2004-06-14  4:08 Bassam A. Al-Khaffaf
  2004-06-14 14:45 ` John A. Sullivan III
  2004-06-14 18:25 ` Chris Brenton
  0 siblings, 2 replies; 3+ messages in thread
From: Bassam A. Al-Khaffaf @ 2004-06-14  4:08 UTC (permalink / raw)
  To: netfilter


Dear All,
   I am implementing a Linux box gateway that launches my own firewall (I
wrote my own iptables rules). The gateway connects two LANs, LAN1:
192.168.1.0/24 and LAN2: 192.168.0.0/24. LAN1 contains a windows 2000
server domain controller IP: 192.168.1.231 and LAN2 contains my clients
based on windows xp.
 
In fact I got stuck on how to forward ONLY and ONLY the NETBIOS
broadcast traffic (03:00:00:00:00:01) from any machine on LAN2 to the
domain controller on LAN1. Take note that the NETBIOS traffic is carried
on IEEE 802.3 Ethernet.
 
I wrote the following iptables rule, but here all the traffic will be
directed from LAN2 to the domain controller on LAN1:
iptables -t nat -A PREROUTING -i eth1 -j DNAT --to-destination 192.168.1.231
 
So can anybody help me on how can I forward the traffic with destination
MAC address 03:00:00:00:00:01 from LAN2 to the domain controller
(192.168.1.231) on LAN1?
 
Thanks for your support
 
Regards
Bassam
 
 


* Re: How to DNAT the only NetBios broadcast traffic (03:00:00:00:00:01)??
  2004-06-14  4:08 How to DNAT the only NetBios broadcast traffic (03:00:00:00:00:01)?? Bassam A. Al-Khaffaf
@ 2004-06-14 14:45 ` John A. Sullivan III
  2004-06-14 18:25 ` Chris Brenton
  1 sibling, 0 replies; 3+ messages in thread
From: John A. Sullivan III @ 2004-06-14 14:45 UTC (permalink / raw)
  To: bassam; +Cc: netfilter

On Mon, 2004-06-14 at 00:08, Bassam A. Al-Khaffaf wrote:
> Dear All,
> 
>    I am implementing a Linux box gateway that launches my own firewall (I
> wrote my own iptables rules). The gateway connects two LANs, LAN1:
> 192.168.1.0/24 and LAN2: 192.168.0.0/24. LAN1 contains a windows 2000
> server domain controller IP: 192.168.1.231 and LAN2 contains my
> clients based on windows xp.
> 
>  
> 
> In fact I got stuck on how to forward ONLY and ONLY the NETBIOS
> broadcast traffic (03:00:00:00:00:01) from any machine on LAN2 to the
> domain controller on LAN1. Take note that the NETBIOS traffic is
> carried on IEEE 802.3 Ethernet.
> 
>  
> 
> I wrote the following iptables rule, but here all the traffic will be
> directed from LAN2 to the domain controller on LAN1:
> 
> iptables -t nat -A PREROUTING -i eth1 -j DNAT --to-destination 192.168.1.231
> 
>  
> 
> So can anybody help me on how can I forward the traffic with
> destination MAC address 03:00:00:00:00:01 from LAN2 to the domain
> controller (192.168.1.231) on LAN1?
> 
>  
<snip>
I have always used some kind of NetBIOS Name Service in a routed
environment just so that I do not have to handle the broadcasts.  In
fact, I usually do this in a large switched environment as well to
minimize the broadcast traffic.

Where it is absolutely necessary, I have implemented a UDP helper to
turn the broadcast packets into unicast packets (similar to DHCP relay).
-- 
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@nexusmgmt.com
---
If you are interested in helping to develop a GPL enterprise class
VPN/Firewall/Security device management console, please visit
http://iscs.sourceforge.net 




* Re: How to DNAT the only NetBios broadcast traffic (03:00:00:00:00:01)??
  2004-06-14  4:08 How to DNAT the only NetBios broadcast traffic (03:00:00:00:00:01)?? Bassam A. Al-Khaffaf
  2004-06-14 14:45 ` John A. Sullivan III
@ 2004-06-14 18:25 ` Chris Brenton
  1 sibling, 0 replies; 3+ messages in thread
From: Chris Brenton @ 2004-06-14 18:25 UTC (permalink / raw)
  To: bassam; +Cc: netfilter

On Mon, 2004-06-14 at 00:08, Bassam A. Al-Khaffaf wrote:
>
> In fact I got stuck on how to forward ONLY and ONLY the NETBIOS
> broadcast traffic (03:00:00:00:00:01) from any machine on LAN2 to the
> domain controller on LAN1. Take note that the NETBIOS traffic is
> carried on IEEE 802.3 Ethernet.

I think you are confused. _NetBEUI_ transmits to 3:0:0:0:0:01, not
NetBIOS/IP. These are NetBEUI _multicasts_, not broadcasts.

If you are actually using NetBEUI your options are:
1) bridge the traffic
2) Upgrade to NetBIOS/IP or SMB/IP

If you are actually using NetBIOS/IP already, your options are:
1) set up a WINS server
2) create lmhosts entries on the client

> I wrote the following iptables rule, but here all the traffic will be
> directed from LAN2 to the domain controller on LAN1:
> 
> iptables -t nat -A PREROUTING -i eth1 -j DNAT --to-destination 192.168.1.231

If you are using NetBEUI, your problem is not iptables. Your problem is
you are using a non-routable protocol. As mentioned above, you need to
use a bridge or switch over to something IP based.

HTH,
Chris
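
The distinction drawn in the reply above, as an added example that is not part of the original thread: a Python classifier run over two constructed frames, showing that a NetBEUI frame sent to 03:00:00:00:00:01 carries no IP header for a DNAT rule to rewrite, while a NetBIOS/IP broadcast does. The LLC SAP value 0xF0, UDP ports 137/138, and the sample MAC and client addresses are assumptions not stated in the thread.

```python
import struct

NETBEUI_MCAST = bytes.fromhex("030000000001")  # destination MAC quoted in the thread
NETBIOS_SAP = 0xF0  # assumption: LLC SAP used by NetBIOS frames (NetBEUI)
NBT_UDP_PORTS = (137, 138)  # assumption: NetBIOS/IP name and datagram services

def classify(frame: bytes) -> str:
    """Report which layer can act on a raw Ethernet frame (FCS stripped)."""
    if len(frame) < 14:
        return "truncated"
    dst = frame[:6]
    type_len = struct.unpack("!H", frame[12:14])[0]
    if type_len <= 1500:  # IEEE 802.3: the field is a length and LLC follows
        if frame[14:16] == bytes([NETBIOS_SAP, NETBIOS_SAP]):
            kind = "multicast" if dst == NETBEUI_MCAST else "unicast"
            return f"NetBEUI {kind}: no IP header, bridge only"
        return "other 802.3/LLC: no IP header, bridge only"
    if type_len != 0x0800:
        return "non-IPv4 EtherType: iptables never sees it"
    ip = frame[14:]
    if len(ip) < 20:
        return "truncated"
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] == 17 and len(ip) >= ihl + 4:  # protocol 17 = UDP
        dport = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]
        if dport in NBT_UDP_PORTS:
            return f"NetBIOS/IP udp/{dport}: routable, iptables can match"
    return "IPv4: routable, iptables can match"

def sample_netbeui() -> bytes:
    """Constructed 802.3 frame: LLC DSAP/SSAP 0xF0, UI control, dummy payload."""
    llc = bytes([NETBIOS_SAP, NETBIOS_SAP, 0x03]) + bytes(43)
    src = bytes.fromhex("001122334455")
    return NETBEUI_MCAST + src + struct.pack("!H", len(llc)) + llc

def sample_nbns() -> bytes:
    """Constructed Ethernet II frame: UDP 137 broadcast on LAN2 (checksums zeroed)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 128, 17, 0,
                     bytes([192, 168, 0, 10]), bytes([192, 168, 0, 255]))
    udp = struct.pack("!HHHH", 137, 137, 8, 0)
    eth = bytes.fromhex("ffffffffffff") + bytes.fromhex("001122334455")
    return eth + struct.pack("!H", 0x0800) + ip + udp

if __name__ == "__main__":
    for name, frame in (("NetBEUI", sample_netbeui()), ("NBNS", sample_nbns())):
        print(f"{name:8s} -> {classify(frame)}")
```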



