This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

No NetBOIS through Firewall

Sorry about my question to NetBIOS. I know that NetBIOS is dangerous on firewalls.

I tried to make a NetBIOS connection through the
Astaro firewall ( Home Office version 3.2).

Konfiguration : ( sorry for the ugly picture )

..................--------------
.................|..............|.....subnet
192.168.0...|.Firewall.|.....192.168.1.
---+------------|..............|-------+--------+--
...|.............|..............|.........|........|
...|........... ..--------------.........|........|
...|.....................................|........|...
PC Win98..................PC NT4....PC Win98

192.168.0.10..........192.168.1.20
...................................192.168.1.30

Broadcast 255.255.255.0..........255.255.255.0

I have not special rules for the Packages defined

Rule restrictions are set. I have set from any(clients)  , any service to any (server) Action allow.

This is ony a test configuration an has no connettion to the internet.

Ping and through the fire wall is working fine,
but the single PC on subnet 192.168.0 can't see the other PC's  on Subnet 192.168.1.
All PC#s are in the same Workgroup. Netbios over TCP ist enabled on the PC's

In packet filterlive log I can see
Source        Port      Destination     Port Protocol
192.168.0.10  137   ->  192.168.1.255.  137  UDP

please help me

How is the general Astaro setup in my case
    No package filtering
    Full transparent form one subnet to the other
    If that works than i try to define rules.

Or is there an geneal under satanding problem that NetBIOS over tcp is may be not working through Astaro Firewall?

regards Werner
[:S]

This thread was automatically locked due to age.

Parents

0 Andy_01 over 22 years ago

as you can see from the log:
192.168.0.10 137 -> 192.168.1.255. 137 UDP
these are broadcasts which can't be routed.
To get the name resolution with netbios you need a WINS server or use the file lmhosts on Windows.
Cancel
Vote Up 0 Vote Down

Cancel
0 ClausP over 22 years ago in reply to Andy_01

...use 'bcrelay' to forward broadcasts ;-)

This little utility runs on yer Linux firewall. It listens for broadcast requests and forwards them on to every active interface.

It will work over pppoe, ip/ip, pptp, and ipsec tunnels. It will probably work over other types of tunnel as well. The program does a scan for new interfaces every 30 seconds. If there are no broadcast packets to forward, it lays dormant.

Usage: bcrelay port [[interface] ...]

If interfaces are given on the command line, the packets will only be sent over those interfaces.

http://novaeria.users.btopenworld.com/faq.txt

[size="1"][ 27 January 2003, 11:27: Message edited by: ClausP ][/size]
Cancel
Vote Up 0 Vote Down

Cancel
0 Ian Collins over 22 years ago in reply to ClausP

Your best bet is to run WINS on the NT server. Have all the machine use this wins server and it will all work fine. I have an externail (Internet connection), an internal (local lan) and a DMZ (servers). One of the servfers in the DMZ runs WINS. This allows all of the clients on the internal network to see all of the servers in the DMZ (including the PDC/BDC for authentication).
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Ian Collins over 22 years ago in reply to ClausP

Your best bet is to run WINS on the NT server. Have all the machine use this wins server and it will all work fine. I have an externail (Internet connection), an internal (local lan) and a DMZ (servers). One of the servfers in the DMZ runs WINS. This allows all of the clients on the internal network to see all of the servers in the DMZ (including the PDC/BDC for authentication).
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data