Netbios over NAT

Netbios over NAT

[Jeremy]

Has anyone been able to hack netfilter in order to get it to work with
Netbios over NAT? I've been searching online and I read some posts
from 2002 that said it didn't, but I was wondering if anyone has
written anything for it recently to allow those types of connections?

Re: Netbios over NAT

[John A. Sullivan III]

On Thu, 2006-10-19 at 10:28 -0400, Jeremy wrote:
> Has anyone been able to hack netfilter in order to get it to work with
> Netbios over NAT? I've been searching online and I read some posts
> from 2002 that said it didn't, but I was wondering if anyone has
> written anything for it recently to allow those types of connections?

As far as I know, most NetBIOS functionality works across NAT except for
browsing (and perhaps name registration). That seems to embed the IP
address in the upper layer data.

We had an interest in partially sponsoring this addition which is
apparently near trivial.  In the ISCS network security management
project, we have a feature to map one network to another address to help
resolve internal IP address conflicts.  It's not a perfect solution but
it helps in a pinch.  The failure of browsing working across the NAT is
one of its major shortcomings.

Patrick McHardy was interested in writing the helper but we never found
full sponsorship.  If I recall, it was only around an US$800 job.  I do
not believe anyone else has added this functionality.

It's one of the very few areas where I have found iptables falling short
of the major commercial firewalls many of whom have a NetBIOS NAT helper
- John
-- 
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan@opensourcedevel.com

If you would like to participate in the development of an open source
enterprise class network security management system, please visit
http://iscs.sourceforge.net

Re: Netbios over NAT

[Pascal Hambourg]

Hello,

John A. Sullivan III a écrit :
> 
> As far as I know, most NetBIOS functionality works across NAT except for
> browsing (and perhaps name registration).

Isn't it because these functionnalities use IP broadcasts ?

Re: Netbios over NAT

[John A. Sullivan III]

On Thu, 2006-10-19 at 19:14 +0200, Pascal Hambourg wrote:
> Hello,
> 
> John A. Sullivan III a écrit :
> > 
> > As far as I know, most NetBIOS functionality works across NAT except for
> > browsing (and perhaps name registration).
> 
> Isn't it because these functionnalities use IP broadcasts ?
> 
No, they can be configured to use unicast packets and a WINS.  However,
even with unicast packets and WINS, it breaks when NAT is applied - John
-- 
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan@opensourcedevel.com

If you would like to participate in the development of an open source
enterprise class network security management system, please visit
http://iscs.sourceforge.net