[techtalk] NT domain authentication through a Linux firewall

curious curious at curious.org
Wed Aug 16 10:27:00 EST 2000


NetBIOS has some "features" that make it difficult to NAT, especially if you're
using Windows domains or WINS...
To properly utilize this "feature" to your advantage, check out:
http://www.linuxplanet.com/linuxplanet/print/1159/

 /"\  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
 \ /   ASCII Ribbon Campaign      curious at curious.org
  X   - NO HTML/RTF in e-mail     http://www.curious.org/
 / \  - NO Word docs in e-mail    "This quote is false." -anon

On Wed, 16 Aug 2000, Caitlyn Maire Martin wrote:

> 
> Hi, everyone,
> 
> OK, here is what my problem has boiled down to, and I'm not sure if it's a
> Linux issue or an NT issue, but I think it's Linux/firewall.  I have an NT
> Terminal Server on the DMZ and everything else behind the firewall.  I am using
> ipchains/ip masquerading to control outbound traffic, and that's all good.  I'm
> using ipportfw and ipmasqadm to allow limited inbound traffic, including domain
> authentication.  The firewall box, in case you missed my last message, is
> Caldera 2.4 with the security patches applied to the 2.2.14 kernel.  It's the
> authentication that's failing, and I bet I'm missing opening something, but
> according to all the NT docs I have, it doesn't look that way.
> 
> I know I am opening the ports correctly, because I can open/close telnet (port
> 23) to a Linux box behind the firewall, and it works properly.  I have opened
> tcp ports 135, 137, and 139, and UDP ports 137 and 138 as per the following
> lines in my rc.firewall file:
> 
>    ipmasqadm portfw -f
>    ipmasqadm portfw -a -P udp -L 0.0.0.0 137 -R 192.168.0.23 137
>    ipmasqadm portfw -a -P udp -L 0.0.0.0 138 -R 192.168.0.23 138
>    ipmasqadm portfw -a -P tcp -L 0.0.0.0 139 -R 192.168.0.23 139
>    ipmasqadm portfw -a -P tcp -L 0.0.0.0 135 -R 192.168.0.23 135
>    ipmasqadm portfw -a -P tcp -L 0.0.0.0 137 -R 192.168.0.23 137
> 
> Am I missing a port or something?  Am I overlooking something simple and stupid?
> 
> I just can't wait for the 2.4 kernel with netfilter and a true 1:1 NAT, but
> right now I have to make this work.  It's been quite the learning experience.
> 
> Any suggestions are, as always, appreciated.  
> 
> Best,
> Caity
> 
> Caitlyn M. Martin
> NetFerrets
> caitlyn at netferrets.net
> 
> 
> _______________________________________________
> techtalk mailing list
> techtalk at linuxchix.org
> http://www.linux.org.uk/mailman/listinfo/techtalk
> 
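As an added example, not from either message in this thread: a small POSIX sh audit of the portfw lines quoted above. It parses each `ipmasqadm portfw -a` rule into proto/port, local address and target, lists the rules whose `-L` address is 0.0.0.0 (that is, not pinned to one address of the firewall; which interfaces the 2.2 masquerading code actually answers on for 0.0.0.0 is not stated in the thread, so the script reports it as something to check, with the reminder that the ipchains input chain is what limits who can reach a forwarded port), and flags rules outside an allow-list. The allow-list (UDP 137/138, TCP 135/139) and the sample rc.firewall text are my assumptions; in particular tcp/137 is treated as unexpected because Windows NetBIOS name service traffic is UDP.

```shell
#!/bin/sh
# Added audit helper (not from the thread): parse `ipmasqadm portfw -a` lines
# and report what each one forwards. The sample input is constructed to mirror
# the rules quoted in the post.
SAMPLE_RULES='ipmasqadm portfw -f
ipmasqadm portfw -a -P udp -L 0.0.0.0 137 -R 192.168.0.23 137
ipmasqadm portfw -a -P udp -L 0.0.0.0 138 -R 192.168.0.23 138
ipmasqadm portfw -a -P tcp -L 0.0.0.0 139 -R 192.168.0.23 139
ipmasqadm portfw -a -P tcp -L 0.0.0.0 135 -R 192.168.0.23 135
ipmasqadm portfw -a -P tcp -L 0.0.0.0 137 -R 192.168.0.23 137'

# Assumed allow-list: the NetBIOS/RPC ports NT talks on. Name service (137)
# and datagram service (138) are UDP; Windows does not use tcp/137, so a
# forward for it is flagged below.
EXPECTED='udp/137 udp/138 tcp/135 tcp/139'

# stdin: rc.firewall text. stdout: one "proto/lport laddr raddr:rport" line
# per `portfw -a` rule. The `-f` (flush) line and anything else is ignored.
list_forwards() {
  awk '/ipmasqadm portfw -a/ {
    for (i = 1; i <= NF; i++) {
      if ($i == "-P") proto = $(i + 1)
      if ($i == "-L") { laddr = $(i + 1); lport = $(i + 2) }
      if ($i == "-R") { raddr = $(i + 1); rport = $(i + 2) }
    }
    printf "%s/%s %s %s:%s\n", proto, lport, laddr, raddr, rport
  }'
}

# stdin: list_forwards output. stdout: rules whose local address is 0.0.0.0,
# i.e. not pinned to one firewall address. Check which interfaces such a
# forward answers on; only the ipchains input chain limits the source.
exposed_forwards() {
  while read -r key laddr target; do
    if [ "$laddr" = "0.0.0.0" ]; then
      echo "$key -> $target"
    fi
  done
}

# $1: space-separated allow-list. stdin: list_forwards output.
# stdout: rules whose proto/port is not in the allow-list.
unexpected_forwards() {
  expected=" $1 "
  while read -r key laddr target; do
    case "$expected" in
      *" $key "*) ;;                     # expected service, nothing to say
      *) echo "$key -> $target" ;;       # forwarded but not on the list
    esac
  done
}

# Report for the sample: every rule uses -L 0.0.0.0, and tcp/137 stands out.
echo "Forwards not pinned to one firewall address (-L 0.0.0.0):"
printf '%s\n' "$SAMPLE_RULES" | list_forwards | exposed_forwards
echo "Forwards outside the expected NetBIOS/RPC set:"
printf '%s\n' "$SAMPLE_RULES" | list_forwards | unexpected_forwards "$EXPECTED"
```

Run it against your own rc.firewall with `list_forwards < /etc/rc.d/rc.firewall | unexpected_forwards "$EXPECTED"` (path assumed) to see which forwards go beyond the set NT needs.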