From: Nicholas Couchman <nick.couchman@yahoo.com>
To: netfilter@vger.kernel.org
Subject: Re: Windows/NetBIOS & SNAT
Date: Tue, 8 Sep 2009 16:50:02 -0700 (PDT) [thread overview]
Message-ID: <185948.38077.qm@web33403.mail.mud.yahoo.com> (raw)
In-Reply-To: <4AA62E6A.4030501@chello.at>
> Hello,
> I'm just guessing, but as you do source nat, the wins server will only see requests from the nat source and will only reply to that address - trying to assign a netbios name to 192.168.100.100. I
> don't know about nf_conntrack_netbios_ns, but maybe you would need something like nf_conntrack_nat_netbios_ns, which I don't know if it exists.
> But, do you really need the nat? Why not add the proper routes for the networks? There nf_conntrack_netbios_ns may do it's job within a simple filtering ruleset.
> Regards,
> Mart
Well, I think I've found part of the problem. The nf_conntrack_netbios_ns module only operates on port 137, not on port 138. I don't know exactly what the difference is, but it seems that all my WINS queries are attempting to go across on port 138. So, this explains why loading the nf_conntrack_netbios_ns module was not helping. I've now taken to trying to write a conntrack module that will cover port 138, but this isn't so simple a task as I had first imagined. Upon loading my newly written module, I start to see packets show up in the conntrack table, but no replies are ever registered. Weird, but I'll keep working.
As far as the nf_conntrack_nat_netbios_ns module goes, no, it doesn't exist in the kernel, but I don't see any nf_conntrack_nat* modules their, either, so I'm thinking that the standard nf_conntrack modules are supposed to cover NAT in addition to standard routing.
The reason I'm resisting creating another subnet with proper routes is because there are only 6 machines on this subnet. Sure I would save myself some time - it'd be done by now - but it' be nice to get this working, both to save myself another route/subnet and for future endeavors.
-Nick
next prev parent reply other threads:[~2009-09-08 23:50 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-09-03 23:28 Windows/NetBIOS & SNAT Nicholas Couchman
2009-09-06 22:01 ` Gerardo Fernandez
2009-09-09 0:54 ` Nicholas Couchman
2009-09-09 8:05 ` Mart Frauenlob
2009-09-09 12:08 ` Nicholas Couchman
2009-09-09 14:21 ` Pascal Hambourg
2009-09-08 10:14 ` Mart Frauenlob
2009-09-08 23:50 ` Nicholas Couchman [this message]
2009-09-09 14:16 ` Pascal Hambourg
2009-09-09 14:35 ` Nicholas Couchman
2009-09-09 15:45 ` Pascal Hambourg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=185948.38077.qm@web33403.mail.mud.yahoo.com \
--to=nick.couchman@yahoo.com \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox