DNATing Windows File Sharing

Robert Vangel vangelr at rfgt.net
Mon Jul 18 11:50:21 CEST 2005


Jan Engelhardt wrote:
>>Hello,
>>I would like to enable the right ports and DNAT the requests for File
>>Sharing on an internal Windows box. The win2k3 has Active Directory
>>enabled and I want users to type \\domainname.com which will pop up a
>>user/pass dialog and let them access the file server.
>>
>>I did the following, but it doesn't seem to work:
>>iptables -t nat -A PREROUTING -j DNAT -i eth0 -p tcp --dport 139 --to 192.168.1.2:139
>>assuming "139" is NetBIOS
> 
> 
> Also try 445 instead of 139.
> 
> Then, if that still does not work, you may need to forward UDP 137.
> 
> 
> 
> Jan Engelhardt

All of the ports for Windows file sharing, if you want to call it that, are:

135/tcp, 137/udp, 138/tcp, 139/udp, 139/tcp, 445/tcp

Some of them are for RPC things so you might not actually want them
open, but I don't know which specific one(s) they are.

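The forwarding setup discussed in this thread, written out as an added example that is not part of the original messages: it prints (does not apply) a DNAT rule plus a matching FORWARD rule for each of 139/tcp, 445/tcp and 137/udp, limited to one permitted source network. The source range `203.0.113.0/24`, the function names and the FORWARD rules are assumptions of this example; `eth0` and `192.168.1.2` are taken from the question.

```shell
#!/bin/sh
# Added example, not from the thread: generate DNAT + FORWARD rules for the
# ports suggested in the replies. Output is text; review it, then pipe to
# "sh" as root to apply.

WAN_IF=eth0                   # external interface, as in the question
SERVER=192.168.1.2            # internal Windows box, as in the question
ALLOWED_SRC=203.0.113.0/24    # constructed value: the only network allowed in

# proto/port pairs from the replies: NetBIOS session, SMB over TCP, NetBIOS names
PORTS="tcp/139 tcp/445 udp/137"

smb_dnat_rules() {
    for pp in $PORTS; do
        proto=${pp%/*}
        port=${pp#*/}
        # nat/PREROUTING: rewrite the destination before the routing decision
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -s $ALLOWED_SRC -p $proto --dport $port -j DNAT --to-destination $SERVER:$port"
        # filter/FORWARD: the rewritten packet is routed, so it must be
        # accepted here whenever the FORWARD policy is DROP
        echo "iptables -A FORWARD -i $WAN_IF -s $ALLOWED_SRC -d $SERVER -p $proto --dport $port -j ACCEPT"
    done
    # let reply packets of accepted connections back through
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Returns success if IPv4 forwarding is on. The optional argument is the file
# to read (defaults to the kernel's sysctl file); DNAT to another host does
# nothing while forwarding is off.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

smb_dnat_rules
forwarding_enabled || echo "# note: net.ipv4.ip_forward is not 1 on this host" >&2
```
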