We will need several things to get this to work. First of all we need a Linux kernel capable of port forwarding, like the 2.2.x kernels which are capable of port forwarding without any patching. The 2.0.3x kernels will need to be patched. To find out how to do this have a look at this page:
http://www.ox.compsoc.org.uk/~steve/portforwarding.html
Compile a kernel with the port forwarding feature enabled.

Next we will need the samba source. Follow a link from the Samba home page to download the source from your nearest mirror.

And we need the nbfw patch. This can be obtained from
http://malt-whisky.student.utwente.nl/nbfw/download.html

Next we need to patch the samba source:

cd /usr/src/samba-2.0.x/source
patch -p0 < /tmp/nbfw-0.28/nbfw.diff

Finally we need to build the nbfw-patched version of samba. Do this in the same way that you would normally build samba...i.e., enter the source directory and enter

./configure
make
make install

You then edit the makefile, after the ./configure stage, to amend the locations of samba's various support files. All being well, we should now have built samba, and also the nbfw-enabled versions of the samba daemons (nmbdnbfw and smbdnbfw).

Next, we will need to create our smb.conf file. The default path to this file is /etc/smb.conf.

Something like this should work fine as a starting point:

[global]
   workgroup = DOMAIN
   server string = Samba Server
   share modes = yes
   interfaces = 192.168.2.1/24 192.168.1.1/24
   nbfw backend hosts = 192.168.1.2 192.168.1.3
   nbfw deny hosts =
   nbfw netbios names = "DOMAIN" BACKEND-2 BACKEND-3 USER-2 USER-3
   encrypt passwords = yes
   name resolve order = lmhosts bcast
   socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096

[tmp]
   comment = Temporary file space
   path = /tmp
   read only = no
   public = yes

Notes: