[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Netbios NAT Issue (bug?) in NG
> Here's the problem - > Like I mentioned before, there's an Internal WINS server. When a system > on the DMZ, for example dmz1, tries to talk to dmz2 it queries the internal > WINS server 170.153.x.x for the IP address of dmz2. The internal WINS > server replies with info about dmz2, specifically a netbios name response. > We've sniffed it, and can see that the server replies correctly with the IP > 192.168.50.20 in the payload. Unfortunately the packet goes through the > firewall and it's payload (NOT the IP header, src and dst are untouched) is > NATTED! The paylod of the packet is the IP that I use in the automatic NAT > rule, not the IP of the server. This is especially bad since I have manual > NAT rules above the Auto NAT rules. There is an option in one of the config files that basically says don't NAT NetBIOS payloads. Since it sounds as if you do not need access to NBT through a NAT, then turning it off should not be a problem. I do not remember the option off the top of my head, though I believe adding the following to the :props( section of objects.C: :netbios_nat (false) will solve your problem. (Borrowed from www.phoneboy.com) -Don ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|