Firewall Wizards mailing list archives

Re: sunscreen vs netbios


From: Jim MacLeod <jmacleod () hotpop com>
Date: Mon, 28 Oct 2002 15:24:37 -0800

Depends on the windows network config. (Not gonna do an MS rant, not gonna do an MS rant, breathe, Jim, breathe...)

Windows networking Workgroups are based on broadcasts. No way to browse a workgroup through a routing firewall or VPN.

Domains are a trickier beast. On browsing, NT uses point-to-point netbios for WINS; Win2K actually uses DNS to the PDC (or ADS or whatever they call it this rev). Don't forget that netbios uses 137, 138, and 139.

Oh, and did I forget to mention that random windows networking things simply will not work through NAT? e.g. changing passwords. However, browsing and logging on should still work.

Good luck,

-Jim

At 11:40 AM 10/28/2002, Todd Anderson wrote:

I am having trouble getting sun to allow certain netbios traffic.

my setup is a sunscreen lite 3.2 running static nat for a windows server.

nat is working fine, no problems accessing stuff on the other side of the
firewall.

the netbios rule is generous, but still not working

add rule netbios * * ALLOW

netbios works if I manually map a share

net use x: \\server\share /USER:domain\me

however, when I try to browse the network or join a domain I never see a
response coming back to the external interface of the sunscreen.  (using
snoop)

has anyone run into this, or is it a user problem?

todd


--
Todd Anderson
773-834-2563
todd () bsd uchicago edu
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
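
A diagnostic sketch for the symptom discussed in this thread, added here as an example and not part of either message: it decodes the fixed header of a NetBIOS datagram (UDP 138, layout per RFC 1002 section 4.4.1) from a capture and reports whether the packet was a subnet broadcast or carries an embedded source address that no longer matches the IP header. The function names, addresses, subnets and the sample payload are constructed for illustration.

```python
import ipaddress
import struct

# RFC 1002 section 4.4.1 datagram header, big-endian, 14 bytes:
# MSG_TYPE, FLAGS, DGM_ID, SOURCE_IP, SOURCE_PORT, DGM_LENGTH, PACKET_OFFSET
NBDGM_HEADER = struct.Struct("!BBH4sHHH")
DIRECT_TYPES = {0x10: "direct unique", 0x11: "direct group", 0x12: "broadcast"}


def parse_nbdgm(payload: bytes) -> dict:
    """Decode the fixed header of a NetBIOS datagram (UDP port 138)."""
    if len(payload) < NBDGM_HEADER.size:
        raise ValueError("payload shorter than the 14-byte datagram header")
    msg_type, _flags, dgm_id, src_ip, src_port, _len, _off = NBDGM_HEADER.unpack_from(payload)
    if msg_type not in DIRECT_TYPES:
        raise ValueError(f"not a direct/broadcast datagram: 0x{msg_type:02x}")
    return {"type": DIRECT_TYPES[msg_type], "dgm_id": dgm_id,
            "source_ip": ipaddress.IPv4Address(src_ip), "source_port": src_port}


def triage(outer_src: str, outer_dst: str, subnet: str, payload: bytes) -> list:
    """List reasons a captured datagram is unlikely to work across a routed NAT hop."""
    hdr = parse_nbdgm(payload)
    net = ipaddress.ip_network(subnet)
    dst = ipaddress.IPv4Address(outer_dst)
    reasons = []
    if dst in (net.broadcast_address, ipaddress.IPv4Address("255.255.255.255")):
        reasons.append("broadcast destination: stays on the local segment")
    if hdr["source_ip"] != ipaddress.IPv4Address(outer_src):
        reasons.append(f"embedded SOURCE_IP {hdr['source_ip']} differs from "
                       f"IP header source {outer_src}")
    return reasons


# Constructed sample: header only, as a server at 10.0.0.5 would emit it.
SAMPLE = NBDGM_HEADER.pack(0x11, 0x02, 0x1234,
                           ipaddress.IPv4Address("10.0.0.5").packed, 138, 0, 0)

if __name__ == "__main__":
    # Captured inside the firewall: broadcast on the server's own segment.
    print(triage("10.0.0.5", "10.0.0.255", "10.0.0.0/24", SAMPLE))
    # Captured outside after static NAT to 192.0.2.5, unicast to a client.
    print(triage("192.0.2.5", "198.51.100.7", "192.0.2.0/24", SAMPLE))
```

An address mismatch here means the translation touched only the IP header, so the receiver is handed an inside address it cannot reach.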



