NT Login with ipchains

Bernhard Riegel (sdm) Bernhard.Riegel at sdm.de
Mon Dec 13 07:43:12 GMT 1999

Hello David,

After some experiments and discussions I came to the following result
private NT-Box connecting to a LAN via ipchains and using all NETBIOS
services (incl. domain-logon):

Cross-subnet browsing with NETBIOS could only be done by a local master
browser in the private net. I first thought of using Samba on the Linux
router for that. But the Samba service would have to use the network
interface of the private net for that, not the LAN-interface. This leads
to the same problem as a NT-workstation acting as local master browser
in the private namespace: the PDC must know the private IP-address of
the local master browser to contact him. As our technical staff does not
allow this, I cannot use domain logons for now.

Nevertheless I use some NETBIOS services in the following setup: Linux
box with VMware. Only the Linux box has a LAN-IP-address. The two
NT-installations running inside VMware build up a private net together
with the virtual ethernet-card "vmnet1" of VMware (Host-only
networking). Linux (kernel 2.2.5) acts as a router with IP-masquerading
for the packages from/to the vmnet.
The NT drives of the LAN for example I'am mounting via "netuse". This is
o.k. for installing NT-software and saving of data.

All other services based on TCP/IP are running fine: I use Java-applets
within InternetExplorer 5 doing RMI-Calls to an Host system
(OpenEdition) while developping software on the Linux box.
(VMware is optimal for testing the update-mechanism of the
InternetExplorer, because any changes on the virtual disks can be

"Krusch, David" wrote:
> Did you ever find a way for an NT box on the private side of a Linux MASQ'd
> network
> to login to a PDC on the Wan side?  (same as your post below)!  I am using
> Linux 2.2.13
> with ipchains and ipmasqadm.
> Thanks!
> Dave Krusch
> ======================
> NT logon with ipchains
> *       Date: Fri, 28 May 1999 11:23:32 +0200
> *       From: "Bernhard Riegel (sdm)" <Bernhard.Riegel at sdm.de>
> *       Subject: NT logon with ipchains
> did anyone try a domain logon from a NT client over IP-masquerading
> (using kernel 2.2.5 and ipchains)?
> Setup:
> NT domain   ---     Linux Box      ---    NT Client
> PDC                 kernel2.2.5
>                     ipchains
> official IPs        eth0:official IP
>                     eth1:private IP       private IP
>                     forwards everything
>                     from eth1 to eth0
>                     with -j MASQ
> Everything else works fine in my setup, including smb, but the logon to
> the existing NT domain fails, because the primary domain controller can
> not find the NT client behind the linux box.
> Bernhard Riegel


 Bernhard Riegel                mailto:bernhard.riegel at sdm.de

More information about the samba mailing list