NAT for NetBIOS Datagram Headers?

NAT for NetBIOS Datagram Headers?

Post by Stan Starke » Fri, 13 Aug 1999 04:00:00



Does anybody out there have any recommendations for a firewall that can
provide NAT service for NetBIOS datagram headers?

Here's the situation - we have been tasked with creating a DMZ for a
government project that involves a number of different companies as
contractors.  Because the two main contractors have NetWare networks at
home, it was decided to run NetWare 5 for the file & print services
inside the DMZ with BorderManger as the gateway between the DMZ and
those home offices.  On the other side of the DMZ is the government's NT
network.  We had purchased BorderWare 6.02 for the firewall on that
end.  We have now been told that the government folks want to put some
of their people inside the DMZ, yet maintain access through the firewall
to their NT network.  Unfortunately, we have discovered that BorderWare
will not support that configuration because NT (in its infinite wisdom)
imbeds the return address for many of it's internal functions in the NBT
header as well as the IP header of the request.  BorderWare translates
the address in the IP header, but not the NBT header, and that's what NT
addresses the response to.  As a result, the packets are sent out by the
firewall, but the never come back.

I have asked around, and been told that Firewall-1 and RaptorNT will
both handle translation of NBT headers.  Can anybody out there give me
some input regarding strengths/weaknesses of those two as well as any
other products that have this required functionality?  Any feedback is
greatly appreciated.

Thanks,
Stan Starkey
Network Administrator
Knight/Sverdrup Joint Venture

phone: (423) 241-3001

 
 
 

NAT for NetBIOS Datagram Headers?

Post by Rob Rockstr » Wed, 18 Aug 1999 04:00:00


Quote:

>Does anybody out there have any recommendations for a firewall that can
>provide NAT service for NetBIOS datagram headers?

If the client is moving to Windows 2000 then this problem should go away.
If your stuck then the Firewall-1 product is great on UNIX.  I can not
confirm it does what you want.

 
 
 

1. NetBIOS Datagram?

I've been getting this alert in ZAPro for the last couple of days.

"The firewall has blocked Internet access to your computer (NetBIOS
Datagram) from 209.53.xxx.xxx (NetBIOS Datagram).
Occurred: 4 times between 3/31/2001 10:39:54 and 3/31/2001 11:16:32"

Today I've had around 20 of these. Thursday, there were over 100. I've
let my ISP know, as the IP address belongs to one of their customers
(cable internet), but I am curious as to what a NetBIOS Datagram is.
Can anybody clue me in?

Thanks

tim

2. Answering modem doesn't hang up

3. Matlab Compiler Woes

4. NetBIOS Datagram block in Win2kserver and ZA pro

5. Linux firewall / proxy using MASQ, need some help!

6. No host header hosting thru NAT - Business or technical decision?

7. NetBIOS over NAT with CheckPoint VPN-1 4.1

8. FW-1 VPN NAT NetBIOS advice

9. NAT (Netbios Auditing Tool) Released - Freeware

10. Sonicwall, NAT, NetBIOS, DMZ

11. Block netbios with nat?