Netbios and NAT

[xnyer]

Does anyone know how to get around the issue of Netbios and NAT? The actually issue is you can not use NETbios over TCP/ip in NAT. Besides reconfiguring the entire domain, does anyone have another solution?

 

[John Lewis]

The Netbios protocol works fine with NAT when layered over TCP/IP. Netbios broadcasts do not, but that is not a NAT issue so much as a subnet issue.

If you have a domain set up, it should not matter. The PDC will take care of all of the stuff that would normally be handled by broadcast. If you are configured as a workgroup instead, you need a WINS server. Alternatively, you could provide each host with a lmhosts file.

Could you give a better idea what you are trying to do? Are you using a domain or a workgroup? What resources to you have available (NT or 2000 Server, Linux server, etc)? Are the NAT connections coming across the internet?

 

[xnyer]

What we are trying to do is expand basically. We set up a NAT because we are running out of IP addresses for the company and yes there are subnets too. What I need to do is to find away around the issue of NETBios over TCP/IP. As you know with NAT NETBios over TCP/ip does not allow you to see the domain and because of this, there is an issue of logging on to the domain. The domin is not available to authenticate users. Interestingly enough I've found if I place a BDC in the area users are able to log in (well testing anyway) but the BDC can not see the domain and I'm not sure if proper synchronization is taking place. Unfortunatly, we are still working in an NT domain with 2000 prof as the desktop OS. There are linux machines too.

LMhost files are not working either. This NAT is internal although the gateway allows internet access. To try and simplify this I've taken an IP address from my domain and used it to produce the NAT. Much like DSL and the internet via a router. I hope I've clarified this for you.

Thanks for the help.

 

[John Lewis]

You're running out of private ip's??? Why not just expand your subnet? If, for inatnace you are using 192.168.1.xxx with a mask of 255.255.255.0, change your mask to 255.255.0.0 and you can use 192.168.xxx.xxx as a subnet. You wouldn't have to deal with translation and the domain across subnet would become a non-issue.

If you have a block of public ip's, would change things somewhat, but I still don't think I would do NAT internally. More connections to keep track of, eventually would be a problem. I would configure some of the computers on a separate subnet with private ip's and use a router between the two. You could NAT those computers out to the internet if you needed to.

If you do this, you will still need a BDC on each subnet. Login broadcasts never (almost) span subnets, so you have to have a DC on each subnet. The DCs have to be directly connected, ie they have to have at least one interface that is on a common subnet. An alternative would be to replace the router with a bridge across the subnets. If the subnets are sparsly populated, that is not a bad plan, but generally it creates a lot of broadcast traffic that you could do without.