I do not see why you need to go back to win2k for firewalling.

1.- Is the domain controller on the Internet?
2.- How many machines will be accessing this server?
3.- Why do you need to NAT?

Daniel

On Mon, 2002-05-13 at 08:10, Kramer wrote:
> Thanks to all for the replies. I did find all the postings on the web
> about NAT and NBT. I am just very surprised that nothing has already
> been done about it. There are probably very few networks that don't
> have at least some MS windows presence. It seems as though this would
> have gotten some attention by someone on the netfilter team. An
> ip_conntrack_NBT is really needed to translate the internal addresses in
> the NATed packets. I have Samba running successfully on other boxes but
> don't want it on the firewall or inside. In this case I really wanted to
> set up the private NAT subnet for many reasons. I guess I either drop
> the NAT requirement or am very reluctantly back to using Win2K as the
> firewall server ( or saving for a Cisco and all the license fees ).
>
> Jack
>
> Daniel Elías Robles wrote:
>
> > This issue has been addressed several times, the correct way to handle this
> > is not to NAT netbios traffic, due to the fact that there is not helper
> > available -- at least at the time of this writing --, this does not mean you
> > can not route via iptables, you still can use it, just do not NAT it.
> >
> > I have some large installations, several hundred computers use iptables to
> > log into the PDC.
> >
> > Just expand the range of the private side of your firewall -- in case you
> > have more than 254 hosts on your lan -- , make sure your packets can find
> > their way back to your lan -- router issues --, forward as needed,
> > remember -- don't Masquerade this traffic --"everything gonna be allright".
> >
> > Regards,
> >
> > Daniel
> > Dominican Republic
> >
> > ----- Original Message -----
> > From: "AUDEMARD Patrick" <[EMAIL PROTECTED]>
> > To: "Kramer" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> > Sent: Monday, May 13, 2002 3:55 AM
> > Subject: RE: MS Windows domain logon via netfilter NAT
> >
> > IPtable doesn't fully support Netbios over IP.
> >
> > Check this article for more information.
> >
> > http://support.microsoft.com/default.aspx?scid=kb;en-us;Q172227
> >
> > Patrick AUDEMARD
> >
> > -----Original Message-----
> > From: Kramer [mailto:[EMAIL PROTECTED]]
> > Sent: Sunday, May 12, 2002 19:29
> > To: [EMAIL PROTECTED]
> > Subject: MS Windows domain logon via netfilter NAT
> >
> > I have gotten a RedHat 7.3 box operating as a router/filter to a private
> > (192.168.132.0/24) with dhcp without too much trouble. One major
> > problem remains that I can't find any info on. The fixes for the NAT
> > public address reverse routing and the broadcast address fixes are
> > already applied.
> >
> > Windows client hosts on the NATed LAN can't find the NT4 Domain for
> > logon. Therefore Network Neighborhood browsing doesn't work. Strangely
> > direct UNC connections will work if logon credentials are not required.
> >
> > I am sure I am not the first to run into this. Can anyone help?
> >
> > Jack Kramer
> > University of Florida
> > Fort Lauderdale
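
The reason the thread advises routing rather than NATing NetBIOS traffic, shown as an added example that is not part of the original messages: a NetBIOS name service answer (RFC 1002) carries the host's IP address inside its payload, so source NAT without a helper rewrites the IP header and leaves the private address in the data. The host name LANHOST, the packet bytes and the public address 203.0.113.10 are constructed for illustration, and `masquerade` is a hypothetical model of NAT, not netfilter code.

```python
import socket
import struct

NB_TYPE, IN_CLASS = 0x0020, 0x0001  # RFC 1002 resource record type/class

def encode_name(name, suffix=0x00):
    """First-level encoding: 16 padded bytes become 32 letters 'A'..'P'."""
    raw = name.upper()[:15].ljust(15).encode("ascii") + bytes([suffix])
    body = bytes(b for c in raw for b in (0x41 + (c >> 4), 0x41 + (c & 0x0F)))
    return b"\x20" + body + b"\x00"

def build_name_response(name, addr, txid=0x1234):
    """Constructed positive name query response with a single NB record."""
    header = struct.pack(">HHHHHH", txid, 0x8500, 0, 1, 0, 0)  # R=1, AA, RD; 1 answer
    rdata = struct.pack(">H", 0) + socket.inet_aton(addr)      # NB_FLAGS + NB_ADDRESS
    rr = encode_name(name) + struct.pack(">HHIH", NB_TYPE, IN_CLASS, 300, len(rdata))
    return header + rr + rdata

def embedded_addresses(payload):
    """Return the IPv4 addresses carried in the first answer's RDATA."""
    if len(payload) < 12 or struct.unpack(">H", payload[6:8])[0] < 1:
        return []
    off = 12
    while off < len(payload) and payload[off] != 0:  # skip the name's labels
        off += 1 + payload[off]
    off += 1
    if off + 10 > len(payload):
        return []
    rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", payload[off:off + 10])
    rdata = payload[off + 10:off + 10 + rdlen]
    if rtype != NB_TYPE or len(rdata) != rdlen:
        return []
    # RDATA is a sequence of 6-byte entries: 2 flag bytes, then 4 address bytes.
    return [socket.inet_ntoa(rdata[i + 2:i + 6]) for i in range(0, rdlen - 5, 6)]

def masquerade(src_ip, payload, public_ip):
    """Model of source NAT without an NBT helper: header changes, payload does not."""
    return public_ip, payload

def stale_addresses(src_ip, payload):
    """Addresses in the payload that no longer match the IP header source."""
    return [a for a in embedded_addresses(payload) if a != src_ip]

if __name__ == "__main__":
    lan_ip, public_ip = "192.168.132.10", "203.0.113.10"  # constructed addresses
    pkt = build_name_response("LANHOST", lan_ip)
    print("before NAT:", stale_addresses(lan_ip, pkt))
    print("after NAT: ", stale_addresses(*masquerade(lan_ip, pkt, public_ip)))
```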