Microsoft Networking over IP Masquerading

Marco A. Zamora mzamora at
Mon Oct 6 03:54:48 GMT 1997

> Date: Fri, 3 Oct 1997 23:08:01 +0000
> From: kevina at
> To: samba at
> Subject: Microsoft Networking over IP Masquerading
> Message-ID: <03072704203354 at>
> I have an interesting challenge, if anyone is willing to help me get
> everything configured right I promise to make a Mini-HOWTO out of it.
> I am trying to use Samba to make Microsoft Networking work over IP
> Masquerading in Linux.

Good luck: your big problem is that SMB over TCP encapsulates the *original* IP
addresses inside the SMB block. When a packet crosses a masquerading server,
only the headers are changed, but the IP addresses inside are not, therefore
the receiving machine wants to talk to the original IP address (and the IPMasq
server ensures that he can't).

I know for a fact that the Cisco servers which do NAT (Network Address
Translation, another name for the same thingie) *do* peek inside the NetBios on
TCP packets and change the addresses accordingly. 

You'd have to really go over the NBT RFCs (rfc1001, 1002 and --I think-- 1003),
check which packets include the IP addresses in the payload, note their offsets
in the data portion, hope you don't miss any undocumented ones from M$ (:-}),
and ultimately hack the IPFW kernel code. 

Whoops! I just re-read your whole message and just realized you were talking
about configuring Samba as a gateway. The easy way out of this without touching
the ipfw code would be having samba on the same box as the ipfw server, and you
would have to smbmount the "external" shares on the samba box, and then make
them available on the "internal" side. Maybe by extending the
\\box\share-user-password syntax (and running a little script from the
pseudo-share definition in smb.conf) you could ask for any arbitrary external
share at the client mounting time.

IMHO the ipfw hack would be technically superior, provided you don't bump into
problems with undocumented IP addresses in the NBT payload. Maybe someone has
already done this. Have you checked in comp.protocols.smb?

> I have two machines, a Linux machine (with two Ethernet cards) and Windows
> 95 machine that is hiding behind IP Masquerading. I am connected to the
> [...snip...]
> I am convinced that Samba can be used as a gateway so to speak to make
> everything work properly but I don't know enough about Samba and Microsoft
> Networking to know the exact in and outs.

Cheers...			Marco Zamora
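
Added example, not part of the original post or of Samba's code: one RFC 1002 message that carries an IP address in its payload is the name service positive name query response. The Python below builds a constructed response, reports the byte offset of each embedded NB_ADDRESS, and lists those that differ from the source address a receiver would see after masquerading; the host name, addresses and helper names are made up for illustration.

```python
import socket
import struct

NB_TYPE = 0x0020  # RR_TYPE "NB" (RFC 1002)

def encode_name(name, suffix=0x00):
    """First-level encode a NetBIOS name (RFC 1001), empty scope."""
    raw = name.upper().ljust(15).encode("ascii") + bytes([suffix])
    enc = bytes(b for c in raw for b in (0x41 + (c >> 4), 0x41 + (c & 0x0F)))
    return b"\x20" + enc + b"\x00"

def build_response(name, addr):
    """Constructed positive name query response with one ADDR_ENTRY."""
    header = struct.pack(">HHHHHH", 0x1234, 0x8500, 0, 1, 0, 0)
    rdata = struct.pack(">H", 0) + socket.inet_aton(addr)  # NB_FLAGS + NB_ADDRESS
    return header + encode_name(name) + struct.pack(">HHIH", NB_TYPE, 1, 300, len(rdata)) + rdata

def skip_name(buf, off):
    """Advance past an encoded name, which may end in a 2-byte pointer."""
    while off < len(buf):
        length = buf[off]
        if length & 0xC0 == 0xC0:
            return off + 2
        off += 1 + length
        if length == 0:
            return off
    raise ValueError("truncated name")

def embedded_addresses(payload):
    """Return [(offset, dotted_ip)] for every NB_ADDRESS in the answer records."""
    _, _, qd, an, _, _ = struct.unpack_from(">HHHHHH", payload, 0)
    off = 12
    for _ in range(qd):                       # question: name + type + class
        off = skip_name(payload, off) + 4
    found = []
    for _ in range(an):
        off = skip_name(payload, off)
        rtype, _, _, rdlen = struct.unpack_from(">HHIH", payload, off)
        off += 10
        if off + rdlen > len(payload):
            raise ValueError("truncated RDATA")
        if rtype == NB_TYPE:                  # ADDR_ENTRY = flags(2) + address(4)
            for e in range(off, off + rdlen - 5, 6):
                found.append((e + 2, socket.inet_ntoa(payload[e + 2:e + 6])))
        off += rdlen
    return found

def nat_mismatches(seen_src_ip, payload):
    """Embedded addresses that differ from the source IP the receiver saw."""
    return [(o, ip) for o, ip in embedded_addresses(payload) if ip != seen_src_ip]
```

This covers only the name service answer record; other NBT message types would need their own offsets worked out from the RFCs.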

