[Samba] nmblookup and iptables

Geoffrey Antos geoffrey at andrews.edu
Sun Jul 20 22:04:47 GMT 2003


When I have my iptables-based firewall running, I cannot get nmblookup
to locate any computers (Windows 98, Samba, Windows NT 4, or Windows XP).

I require tight firewall settings, because college students can cause
havoc on a network when its servers are not secure.

I need a way to get nmblookup to work without disabling the firewall.

The standard conntrack module does not work, because nmblookup sends out
a broadcast request (e.g. 192.16.100.255) but the reply comes from the
machine in question (e.g. 192.16.100.2).
Thus, conntrack determines that they are different connections, and
drops the netbios-ns reply.

I'm wondering if there is a simple solution.

I've got Samba 3.00beta2 on Gentoo Linux, but in this case I suppose it
doesn't matter.

I have a solution that is fairly simple, and would be nice to see in
Samba 3.1, whenever that might come out.

Write a libnmb.so that allows external programs to perform NetBIOS tasks
such as requesting name lookups or status nodes on names or IP
addresses. Through some form of IPC, the library would notify nmbd, and
perform the operation, using its own socket, thus saving time with
socket creation and destruction.

Later on, functions to allow programs to register NetBIOS names, and to
destroy them (but only names that they created), thus allowing programs
such as LinPopUp to register USERNAME<03>, just like Windows, and send
messages to them.

With these enhancements, it might even be possible to create Linux
versions of other NetBIOS services in Windows.
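
The conntrack behaviour described in the message above, as an added example that is not part of the original post: a simplified Python model (not kernel code) of reply matching for a broadcast name query, with and without a subnet-wide expectation of the kind the Linux netbios-ns conntrack helper sets up. The client address, the ports and the /24 netmask are constructed assumptions; the other addresses follow the post.

```python
# Simplified model of stateful UDP tracking (constructed; not kernel code).
import ipaddress
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class Conntrack:
    subnet_helper: bool = False          # model a broadcast-aware helper
    netmask_bits: int = 24               # assumed /24, not stated in the post
    replies: set = field(default_factory=set)         # exact reply tuples
    expectations: list = field(default_factory=list)  # (network, dst, dport)

    def outbound(self, p: Packet) -> None:
        # Normal tracking: the only acceptable reply is the inverted tuple,
        # i.e. a packet whose source is the broadcast address itself.
        self.replies.add((p.dst, p.dport, p.src, p.sport))
        net = ipaddress.ip_network(f"{p.dst}/{self.netmask_bits}", strict=False)
        if self.subnet_helper and p.dport == 137 and p.dst == str(net.broadcast_address):
            # Helper: expect a reply from any host on the subnet, but only
            # to the querying socket (same local address and source port).
            self.expectations.append((net, p.src, p.sport))

    def inbound_state(self, p: Packet) -> str:
        if (p.src, p.sport, p.dst, p.dport) in self.replies:
            return "ESTABLISHED"
        for net, dst, dport in self.expectations:
            if (ipaddress.ip_address(p.src) in net and p.sport == 137
                    and (p.dst, p.dport) == (dst, dport)):
                return "RELATED"
        return "NEW"   # an ESTABLISHED,RELATED-only INPUT policy drops this

def verdict(helper: bool, reply: Packet) -> str:
    ct = Conntrack(subnet_helper=helper)
    # nmblookup's broadcast name query from an ephemeral port (constructed)
    ct.outbound(Packet("192.16.100.10", 40000, "192.16.100.255", 137))
    return ct.inbound_state(reply)

# Client address and ports are constructed; .2 and .255 follow the post.
REPLY = Packet("192.16.100.2", 137, "192.16.100.10", 40000)
OFFNET = Packet("10.0.0.9", 137, "192.16.100.10", 40000)
```

Without the helper the unicast reply is classified NEW and falls through to the default drop; with it, only port-137 replies from the same subnet to the querying socket are accepted, so the firewall stays closed to everything else.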



