iptables NAT still does not have a conntrack to handle the embedded netbios addresses for a NATed subnet. Basically you cannot use iptables NAT if there are MS networking hosts on any NATed subnet. Is anyone working on this now?
I am very puzzled by this because I find very few networks that don't have at least some MS Windows workstations. Even more puzzled since the iptables.org group is also the Samba group for making unix/linux interoperate with MS and iptables is not compatible with MS. Cisco, Checkpoint and other commercial proprietary firewalls handle netbios thru NAT. If I have missed the fix to this problem somewhere I would love to be corrected. Jack Kramer University of Florida
