Page 1 of 1

How to NAT smb from one network to another in ROS?

Posted: Mon Dec 01, 2008 4:05 pm
by radocicala
Hi, I have problem to set NAT. I set it like this but doesnt work:
 0   chain=dstnat action=dst-nat to-addresses=10.15.17.5 to-ports=0-65535 
     in-interface=WAN dst-address=192.168.76.4 
WAN - is interface where samba server is(192.168.76.4), here is also internet
LAN - is interface where computer 10.15.17.5 is

I dont want to get internet on 10.15.17.5, only communication between that samba server and computer.

smbserver --------> mikrotik(here I need to set up NAT) ---------> PC
(192.168.76.4) WAN (10.85.17.1/192.168.76.99) LAN (10.85.17.5)


I made masquerade, like this:
 chain=srcnat action=masquerade out-interface=WAN src-address=10.15.17.5
communication worked, but also Internet, what I dont want

this showed me when I torched:
Image
I dont understand why is there port 139, when samba should run over 445, or ?

Re: How to NAT smb from one network to another in ROS?

Posted: Tue Dec 02, 2008 1:02 am
by gmsmstr
SMB runs on

TCP 135-139 and 445
UDP 135-139 and 445

So , it can be on any of these ports that I communicates at. I don't know, how and why it picks what port or the detail behind it. With that said, looks like you have a connection established, is that NOT what you want?

Also, keep in mind that some ISPs block netbios traffic as well.

Re: How to NAT smb from one network to another in ROS?

Posted: Tue Dec 02, 2008 1:14 am
by radocicala
Yes I know but both networks are mine, I want to get communication from Server(is in network I get internet to other network where is pc I want to get there that samba communication). It can be done using masquerade. But I was thinking if it is possible simplier way. Because If I use masquerade, all comunication from that network goes to that PC - and I dont want this. The only thing that I can propably do is to do that masquerade and in firewall block all communication to that pc except from that samba server, or could you help anything better?

Re: How to NAT smb from one network to another in ROS?

Posted: Tue Dec 02, 2008 1:15 am
by gmsmstr
You would just send those ports in vs everything like you have now.

Re: How to NAT smb from one network to another in ROS?

Posted: Thu Dec 04, 2008 1:48 am
by mstead
I don't think you can NAT samba. I researched this a long time ago and if I remember correctly the problem is that the data payload contains IP information - and NAT will only modify the headers of a data packet not the contents.

Malcolm

Re: How to NAT smb from one network to another in ROS?

Posted: Thu Dec 04, 2008 3:20 pm
by Chupaka
as far as I remember, we have successfully nated samba when we need it... the task was to redirect some of the customers to another samba server with one share named 'Access denied' =)

Re: How to NAT smb from one network to another in ROS?

Posted: Thu Dec 04, 2008 3:34 pm
by mstead
Chupaka. What you describe is not really NAT but rather working with Samba to redirect. This was the direction I was heading in when I gave up due to time constraints.

What I'm saying is that to just NAT traffic to a different Samba server does not work for the reasons I already gave. As far as I could see you can only route samba.

Malcolm

Re: How to NAT smb from one network to another in ROS?

Posted: Thu Dec 04, 2008 4:04 pm
by Chupaka
what I said about is that we made Dst-NAT, and when user opens \\1.2.3.4, in fact he gets contents of \\5.6.7.8 server. isn't it NAT? %)