BMicrosoft Networking over IP Masquerading

James Hughes jamesh at
Mon Oct 6 04:38:09 GMT 1997

Marco A. Zamora wrote:
> > Date: Fri, 3 Oct 1997 23:08:01 +0000
> > From: kevina at
> > To: samba at
> > Subject: Microsoft Networking over IP Masquerading
> > Message-ID: <03072704203354 at>
> >
> > I have an interesting challenge, if anyone is willing to help me get
> > everything configured right I promise to make a Mini-HOWTO out of it.
> >
> > I am trying to use Samba to make Microsoft Networking work over IP
> > Masquerading in Linux.
> Good luck: your big problem is that SMB over TCP encapsulates the *original* IP
> addresses inside the SMB block. When a packet crosses a masquerading server,
> only the headers are changed, but the IP addresses inside are not, therefore
> the receiving machine wants to talk to the original IP address (and the IPMasq
> server ensures that he can't).
> I know for a fact that the Cisco servers which do NAT (Network Address
> Translation, another name for the same thingie) *do* peek inside the NetBios on
> TCP packets and change the addresses accordingly.
> You'd have to really go over the NBT RFCs (rfc1001, 1002 and --I think-- 1003),
> check which packets include the IP addresses in the payload note their offsets
> in the data portion, hope you don't miss any undocumented ones from M$ (:-}),
> and ultimately hack the IPFW kernel code.
> Whoops! I just re-read your whole message and just realized you were talking
> about configuring Samba as a gateway. The easy way out this without touching
> the ipfw code would be having samba on the same box as the ipfw server, and you
> would have to smbmount the "external" shares on the samba box, and then make
> them available on the "internal" side. Maybe by extending the
> \\box\share-user-password syntax (and running a little script from the
> pseudo-share definition in smb.conf) you could ask for any arbitrary external
> share at the client mounting time.
> IMHO the ipfw hack would be technically superior, provided you don't bump into
> problems with undocumented IP addresses in the NBT payload. Maybe someone has
> already done this. Have you checked in comp.protocols.smb?
> > I have two machines, a Linux machine (with two Ethernet cards) and Windows
> > 95 machine that is hiding behind IP Masquerading. I am connected to the
> > [...snip...]
> > I am convinced that Samba can be used as a gateway so to speak to make
> > everything work properly but I don't know enough about Samba and Microsoft
> > Networking to know the exact in and outs.
> Cheers...                       Marco Zamora

You might want to have a look at CIPE...


	...This creates an encrypted tunnel over UDP. You might be able to
setup a VPN with it, routing your SMB connections over it. I plan to try
this. But, because of time constraints, have not gotten beyond compiling
it and loading the module into kernel space (Linux).

Good Luck,


More information about the samba mailing list