Microsoft Networking over IP Masquerading

James Hughes jamesh at interpath.com
Mon Oct 6 04:38:09 GMT 1997


Marco A. Zamora wrote:
> 
> > Date: Fri, 3 Oct 1997 23:08:01 +0000
> > From: kevina at clark.net
> > To: samba at samba.anu.edu.au
> > Subject: Microsoft Networking over IP Masquerading
> > Message-ID: <03072704203354 at wvwc.edu>
> >
> > I have an interesting challenge, if anyone is willing to help me get
> > everything configured right I promise to make a Mini-HOWTO out of it.
> >
> > I am trying to use Samba to make Microsoft Networking work over IP
> > Masquerading in Linux.
> 
> Good luck: your big problem is that SMB over TCP encapsulates the *original* IP
> addresses inside the SMB block. When a packet crosses a masquerading server,
> only the headers are changed, but the IP addresses inside are not, therefore
> the receiving machine wants to talk to the original IP address (and the IPMasq
> server ensures that he can't).
> 
> I know for a fact that the Cisco servers which do NAT (Network Address
> Translation, another name for the same thingie) *do* peek inside the NetBios on
> TCP packets and change the addresses accordingly.
> 
> You'd have to really go over the NBT RFCs (rfc1001, 1002 and --I think-- 1003),
> check which packets include the IP addresses in the payload, note their offsets
> in the data portion, hope you don't miss any undocumented ones from M$ (:-}),
> and ultimately hack the IPFW kernel code.
> 
> Whoops! I just re-read your whole message and just realized you were talking
> about configuring Samba as a gateway. The easy way out of this without touching
> the ipfw code would be having samba on the same box as the ipfw server, and you
> would have to smbmount the "external" shares on the samba box, and then make
> them available on the "internal" side. Maybe by extending the
> \\box\share-user-password syntax (and running a little script from the
> pseudo-share definition in smb.conf) you could ask for any arbitrary external
> share at the client mounting time.
> 
> IMHO the ipfw hack would be technically superior, provided you don't bump into
> problems with undocumented IP addresses in the NBT payload. Maybe someone has
> already done this. Have you checked in comp.protocols.smb?
> 
> > I have two machines, a Linux machine (with two Ethernet cards) and Windows
> > 95 machine that is hiding behind IP Masquerading. I am connected to the
> > [...snip...]
> > I am convinced that Samba can be used as a gateway so to speak to make
> > everything work properly but I don't know enough about Samba and Microsoft
> > Networking to know the exact ins and outs.
> 
> Cheers...                       Marco Zamora

You might want to have a look at CIPE...

	(http://www.inka.de/~bigred/devel/cipe.html)

	...This creates an encrypted tunnel over UDP. You might be able to
set up a VPN with it, routing your SMB connections over it. I plan to try
this, but because of time constraints I have not gotten beyond compiling
it and loading the module into kernel space (Linux).


Good Luck,


-James
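
Added example, not part of the original thread: a small diagnostic for the payload-embedded address problem the quoted reply describes, using the NetBIOS name service "NB" resource record from RFC 1002, whose data carries an IPv4 address. The function names, the host name and all addresses are constructed for illustration.

```python
import socket
import struct

NB_TYPE = 0x0020  # RFC 1002 resource record type "NB"

def encode_name(name, suffix=0x00):
    """RFC 1001 first-level encoding: 16 name bytes become 32 letters 'A'..'P'."""
    raw = name.upper().ljust(15).encode("ascii") + bytes([suffix])
    body = bytes(b for c in raw for b in (0x41 + (c >> 4), 0x41 + (c & 0x0F)))
    return b"\x20" + body + b"\x00"

def build_response(name, ip, trn_id=0x1234):
    """Constructed positive name query response holding one NB record."""
    header = struct.pack(">HHHHHH", trn_id, 0x8500, 0, 1, 0, 0)
    rdata = struct.pack(">H", 0x0000) + socket.inet_aton(ip)  # NB_FLAGS + NB_ADDRESS
    rr = encode_name(name) + struct.pack(">HHIH", NB_TYPE, 1, 300, len(rdata))
    return header + rr + rdata

def embedded_addresses(payload):
    """Return the IPv4 addresses carried inside NB records of the answer section."""
    ancount = struct.unpack_from(">H", payload, 6)[0]
    off, found = 12, []
    for _ in range(ancount):
        if payload[off] & 0xC0:          # compressed name pointer, 2 bytes
            off += 2
        else:                            # length-prefixed labels, zero-terminated
            while payload[off]:
                off += payload[off] + 1
            off += 1
        rtype, _cls, _ttl, rdlen = struct.unpack_from(">HHIH", payload, off)
        off += 10
        if rtype == NB_TYPE:             # each entry: 2 flag bytes + 4 address bytes
            for i in range(off, off + rdlen, 6):
                found.append(socket.inet_ntoa(payload[i + 2:i + 6]))
        off += rdlen
    return found

def masquerade_mismatch(header_src, payload):
    """Payload addresses that differ from the source address in the IP header."""
    return [a for a in embedded_addresses(payload) if a != header_src]

if __name__ == "__main__":
    pkt = build_response("WIN95BOX", "192.168.1.2")   # constructed inside host
    # 203.0.113.10 stands in for the masquerading box's outside address
    print(masquerade_mismatch("203.0.113.10", pkt))
```

A non-empty result means the datagram still advertises an address the far side cannot reach, which is the symptom to look for in a capture taken on the outside interface.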

