From: Nicholas Couchman <nick.couchman@yahoo.com>
To: netfilter@vger.kernel.org
Subject: Re: Windows/NetBIOS & SNAT
Date: Tue, 8 Sep 2009 16:50:02 -0700 (PDT) [thread overview]
Message-ID: <185948.38077.qm@web33403.mail.mud.yahoo.com> (raw)
In-Reply-To: <4AA62E6A.4030501@chello.at>
> Hello,
> I'm just guessing, but as you do source nat, the wins server will only see requests from the nat source and will only reply to that address - trying to assign a netbios name to 192.168.100.100. I
> don't know about nf_conntrack_netbios_ns, but maybe you would need something like nf_conntrack_nat_netbios_ns, which I don't know if it exists.
> But, do you really need the nat? Why not add the proper routes for the networks? There nf_conntrack_netbios_ns may do it's job within a simple filtering ruleset.
> Regards,
> Mart
Well, I think I've found part of the problem. The nf_conntrack_netbios_ns module only operates on port 137, not on port 138. I don't know exactly what the difference is, but it seems that all my WINS queries are attempting to go across on port 138. So, this explains why loading the nf_conntrack_netbios_ns module was not helping. I've now taken to trying to write a conntrack module that will cover port 138, but this isn't so simple a task as I had first imagined. Upon loading my newly written module, I start to see packets show up in the conntrack table, but no replies are ever registered. Weird, but I'll keep working.
As far as the nf_conntrack_nat_netbios_ns module goes, no, it doesn't exist in the kernel, but I don't see any nf_conntrack_nat* modules their, either, so I'm thinking that the standard nf_conntrack modules are supposed to cover NAT in addition to standard routing.
The reason I'm resisting creating another subnet with proper routes is because there are only 6 machines on this subnet. Sure I would save myself some time - it'd be done by now - but it' be nice to get this working, both to save myself another route/subnet and for future endeavors.
-Nick
next prev parent reply other threads:[~2009-09-08 23:50 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-09-03 23:28 Windows/NetBIOS & SNAT Nicholas Couchman
2009-09-06 22:01 ` Gerardo Fernandez
2009-09-09 0:54 ` Nicholas Couchman
2009-09-09 8:05 ` Mart Frauenlob
2009-09-09 12:08 ` Nicholas Couchman
2009-09-09 14:21 ` Pascal Hambourg
2009-09-08 10:14 ` Mart Frauenlob
2009-09-08 23:50 ` Nicholas Couchman [this message]
2009-09-09 14:16 ` Pascal Hambourg
2009-09-09 14:35 ` Nicholas Couchman
2009-09-09 15:45 ` Pascal Hambourg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=185948.38077.qm@web33403.mail.mud.yahoo.com \
--to=nick.couchman@yahoo.com \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.