Firewall Wizards mailing list archives
Re: NAT and NetBios
From: roger nebel <roger () homecom com>
Date: Sat, 19 Dec 1998 11:23:32 -0500
define objects using their actual IP address (NAT is *not* required) for each of the internal hosts that the securemote users need to reach and check export and put those objects in a group (or not) and put the objects or group in the encryption domain. choose encapsulate securemote. (take a look at the userc.C topology file that is downloaded to the securemote client after authentication, and, you do want to also *unchoose* allow unauthenticated topology requests for obvious reasons which you will see in the userc.C file if it can be downloaded by anybody who does a create site against your firewall). find computer on the traget object's actual IP address (NAT is *not* required). create a shortcut to that object for easy access thenceforth. If the securemote client is 95/98 they will need to have logged in as the domain user because of the way 95/98 caches logon credentials. if NT, the logon credentials will be presented to the server object and the user will be prompted if that account or password is not on that particular server. (Note: this works fine with 4.0, with 3.0x YMMV) or, write an inspect script to open the NBT header and translate the NBT address on the fly. Leslie Jay wrote:
Greetings, While I'm aware that NetBios over TCP (NBT) definitely is going to be a problem with most NAT products, in this particular case FW-1, because the host IP is contained in the payload which the NAT is not going to translate, there isn't much resources about how to resolve it. I'm sure that having know about this situation for so long, some creative soul must have figured out how to overcome it. I'm sure it is quite impossible to avoid altogether. For some reason, some people just NEEDs to be able to login to the WinNT domain from anywhere in the world. To save myself some sleepless, hair-pulling nights, I hope someone can share their findings, or recommend a possible lead. /Leslie ____________________________________________________________________ Get free e-mail and a permanent address at http://www.netaddress.com/?N=1
Attachment:
vcard.vcf
Description: Card for Roger Nebel
Current thread:
- NAT and NetBios Leslie Jay (Dec 18)
- Re: NAT and NetBios roger nebel (Dec 22)
- Re: NAT and NetBios Stefan Norberg (Dec 22)
- RE: NAT and NetBios Yakov Kravets (Dec 22)
- <Possible follow-ups>
- RE: NAT and NetBios ark (Dec 23)
- Re: NAT and NetBios Jan . Bervar (Dec 23)