NAT + different subnets + NT domain = ???

Stephen Langasek vorlon at
Fri Oct 1 02:49:23 GMT 1999

On Tue, 28 Sep 1999 Evgeny Roubinchtein wrote:

> I think I know what the problem is now.  The NT client sends a bunch of
> UDP packets to the PDC.  When the PDC sends a reply back, it apparently
> resolves the NetBIOS name to the IP address of the NT client.  In my case,
> it does so through a WINS database.  Unfortunately, the WINS database has
> the bogus, "behind-the-NAT-box" addresses of the NT clients in it, so the
> PDC's response gets sent to, for example, which of course is
> unroutable, so it just gets dropped.  I ran tcpdump on the PDC's subnet,
> and actually saw some packets with those bogus destinations, so the only
> part I am inferring is the NetBIOS name to IP address resolution.  I am
> not sure what the solution to this would be.  I would like to thank
> everyone for their suggestions and tips.

One possible solution: create a piece of WINS proxy software that sits on
the machine doing your NAT.  It would take incoming WINS packets from the
private network, rewrite them with its own IP, and forward them to the real
WINS server; then reverse the process when the WINS server replies.

This would probably mean that you couldn't run nmbd on the gateway machine,
which might hamper your ability to use it as a Samba server.  With a little
extra work, you could get nmbd to run on a different port, and have the WINS
proxy software hand off packets to the real nmbd as appropriate.

The easiest way to configure this would be to give the machines on the
private network the IP of the gateway machine as their WINS server.

I don't know if you would have to proxy port 139 as well.  If so, this would
be more difficult, but still doable.  This is a project I've been thinking
about for some time, but it hasn't gotten past the stage of a thought
experiment; I just don't have the time to work on it.  It would be great to
see someone else run with it, tho. :)

-Steve Langasek
postmodern programmer
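
The rewrite step of the proxy proposed above, as an added example that is not code from this post or from Samba: it replaces the NB_ADDRESS field of a NetBIOS name registration or refresh request (the UDP port 137 packet a client sends to its WINS server) with the gateway's address and returns the original address so a proxy could keep it for the reply path. It assumes the RFC 1002 packet layout; the function names, the client name and the addresses are constructed for illustration.

```python
import socket
import struct

NB_TYPE = 0x0020           # RR type "NB" (RFC 1002)
REWRITE_OPCODES = {5, 8}   # name registration, name refresh

def skip_name(pkt, off):
    """Return the offset just past a name (label sequence or pointer)."""
    while True:
        length = pkt[off]
        if length & 0xC0 == 0xC0:   # 2-byte compression pointer
            return off + 2
        off += 1 + length
        if length == 0:             # root label ends the name
            return off

def rewrite_registration(pkt, gateway_ip):
    """Swap NB_ADDRESS in a registration/refresh request for gateway_ip.
    Returns (packet, original_ip); original_ip is None if left untouched."""
    try:
        _tid, flags, qd, _an, _ns, ar = struct.unpack("!6H", pkt[:12])
        if flags & 0x8000 or (flags >> 11) & 0xF not in REWRITE_OPCODES:
            return pkt, None        # a response, or a query/release
        if (qd, ar) != (1, 1):
            return pkt, None
        off = skip_name(pkt, 12) + 4        # question name, type, class
        off = skip_name(pkt, off)           # RR_NAME, normally 0xC00C
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
    except (IndexError, struct.error):
        return pkt, None            # truncated or malformed: pass through
    addr = off + 10 + 2             # skip fixed RR fields and NB_FLAGS
    if rtype != NB_TYPE or rdlen != 6 or addr + 4 > len(pkt):
        return pkt, None
    original = socket.inet_ntoa(pkt[addr:addr + 4])
    return pkt[:addr] + socket.inet_aton(gateway_ip) + pkt[addr + 4:], original

def encode_name(name, suffix=0x00):
    """First-level encode a NetBIOS name: each byte becomes two 'A'+nibble."""
    raw = name.upper().ljust(15).encode("ascii") + bytes([suffix])
    enc = bytes(b for c in raw for b in (0x41 + (c >> 4), 0x41 + (c & 0xF)))
    return b"\x20" + enc + b"\x00"

def sample_registration(name, ip):
    """Constructed sample packet, not a capture from the thread."""
    hdr = struct.pack("!6H", 0x1234, (5 << 11) | 0x0100, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", NB_TYPE, 1)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", NB_TYPE, 1, 300000, 6)
    return hdr + question + rr + struct.pack("!H", 0) + socket.inet_aton(ip)
```

Queries, releases, responses and malformed packets come back unchanged with `None` as the original address, so a proxy can forward them as they are.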
