NAT broadcast (NetBIOS and stuff, UDP 137)



  • Hi all,

    I'm looking for a way to NAT broadcasts to another network.

    Here is my data:
    My main network is 10.22.0.0/16 (igb1). I would like the broadcasts (like the ones for NetBIOS (UDP 137-139)) to be transferred to another network, 192.168.0.0/16 (igb2).

    E.g.: a computer makes a broadcast (IP destination 10.22.255.255:137); it should be forwarded to igb2 (IP destination 192.168.255.255:137), and the answer should also be forwarded back.

    10.22.255.255:137 -> pfsense -> 192.168.255.255:137

    I thought it was an easy rule, but it's just not. I found a lot of answers for this problem but none worked. I tried Proxy ARP, NAT and NAT 1:1... maybe I used wrong values :/

    Anyway, if you guys have any ideas regarding that, I'll be glad to read them :)

    Thanks,



  • Just an update: the reason why I would like to do that is so that the clients can "discover" the network automatically (appearing in network places), and then just click on it to connect. The NAT rules (not for broadcast) work for that.



  • I prefer to kill broadcast and address everything by IP but this might work.  I've not tried it.  MIGHT.

    Services > DNS Forwarder
        check DHCP Registration, Static DHCP

    This should add all the names of all the machines on your network that advertise them to DNS.
        Check your Status > DHCP Leases to see if they all have hostnames provided or not.
        If not:
        You may want to give manual entries for each host on your network in Host Overrides also.
    I doubt it will let you "discover" networks across subnets, but it may let you address hostnames by a memorable name rather than IP
    Reboot after you enter the settings.
    No idea if this will do what you want.  Let me know.

    If you are really interested in getting full-on Windows networking and discovery to work well, you might want to install a WINS server on both subnets.  Personally, I think bookmarking IPs is easier.
    I use SAMBA for WINS, but here is a nice Microsoft article on the subject.
    http://technet.microsoft.com/en-us/library/cc722535.aspx
    Here is a nice link on SAMBA  (Don't install SAMBA on pfsense - You can, it's just not smart)
    http://oreilly.com/openbook/samba/book/ch07_03.html

    "If you have a Samba server on a subnet that doesn't have a WINS server, and the Samba server has been configured with a WINS server on another subnet, you can tell the Samba server to forward any name-resolution requests with the wins proxy option:

    [global]
            wins server = 172.16.200.12
            wins proxy = yes

    Use this only in situations where the WINS server resides on another subnet. Otherwise, the broadcast will reach the WINS server regardless of any proxying."

    Like I said, bookmarking IPs is easier.  Far less hassle.



  • Bookmarking IPs will not work in my case, since applications we used have hardcoded network paths (\server001\bla), but your answer combined with this sentence gave me an idea (see at the end).

    Your idea is very good, I hadn't thought about that. When I put that in place, my clients can resolve name -> IP with nslookup (or the host command) (it's a Mac computer). This was an expected move; however, when I try to reach the server through the Finder (smb://server001), it just times out.

    But I just remembered that computers have a hosts file which can do a local mapping (host <-> IP). I filled them in and now it's working the way I want; even if it's not a "server" feature, it will work for me for now.

    That's only the first part of the solution needed, there is still no auto discover. I'll try to simulate that with Avahi, installed on the pfsense server, don't know if it's possible or not, I'll keep you informed.

    Your help was very helpful, thanks :)



  • I'm glad that's helpful.  I'm interested to see how it turns out.
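
Added example, not part of any post in this thread: a small check for the symptom described in the fourth post (the name resolves with nslookup, but smb://server001 times out). It separates name resolution from TCP reachability of the SMB ports, so a missing firewall rule between the two subnets can be told apart from a naming problem. The function names `probe_port` and `diagnose` are illustrative, and it assumes SMB is served on the standard TCP ports 445 and 139.

```python
import socket
import sys

# Assumption: standard SMB ports (445 = direct SMB, 139 = NetBIOS session service).
SMB_PORTS = (445, 139)


def probe_port(ip, port, timeout=2.0):
    """Return 'open', 'refused', 'filtered' or 'unreachable' for one TCP connect."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((ip, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"      # host answered with a reset: nothing listens there
    except socket.timeout:
        return "filtered"     # no answer at all: packet dropped on the path
    except OSError:
        return "unreachable"  # no route, network down, etc.
    finally:
        s.close()


def diagnose(host, resolver=socket.gethostbyname, ports=SMB_PORTS, timeout=2.0):
    """Tell a name-resolution failure apart from a transport failure."""
    try:
        ip = resolver(host)   # uses the OS resolver, so hosts-file entries count
    except OSError:           # socket.gaierror is a subclass of OSError
        return {"host": host, "ip": None, "ports": {},
                "verdict": "name does not resolve"}
    states = {p: probe_port(ip, p, timeout) for p in ports}
    if "open" in states.values():
        verdict = "SMB reachable"
    elif "refused" in states.values():
        verdict = "host reachable, but no SMB listener"
    else:
        verdict = "SMB ports filtered or unreachable (check firewall rules and routes)"
    return {"host": host, "ip": ip, "ports": states, "verdict": verdict}


if __name__ == "__main__":
    # Usage: python3 smbcheck.py server001 [more hostnames ...]
    for name in sys.argv[1:]:
        print(diagnose(name))
```

A "filtered" verdict on a name that resolves points at the rules between the two interfaces rather than at DNS or WINS.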