Thread: Filtcfg for NCP and SLP

  1. #1
    HeCtOr NNTP User

    Filtcfg for NCP and SLP

    I am trying to only allow port 524 and port 427 only to my NetWare servers.

    For some reason Filtcfg does not come pre-defined with NCP or SLP so I have
    to create my own port entry.

    1. For the definition does each port allow ANY connection? Or does NCP only
    talk 524<->524.
    2. Same for SLP.



  2. #2

    Re: Filtcfg for NCP and SLP

    HeCtOr wrote:

    > I am trying to only allow port 524 and port 427 only to my NetWare
    > servers.
    >
    > For some reason Filtcfg does not come pre-defined with NCP or SLP so
    > I have to create my own port entry.
    >
    > 1. For the definition does each port allow ANY connection? Or does
    > NCP only talk 524<->524.


    Inbound and Outbound NCP connections will look like:
    1024-65535 -> 524

    Keep in mind that you need rules two ways, as all servers on either side
    of the firewall can initiate a connection.

    > 2. Same for SLP.


    Depends. If you use a DA then it will talk to the DA using 1024-65535
    -> 427. If you don't use a DA it relies on multicast and you'll need to
    allow that. I think it uses 224.0.1.22 but I could be wrong.


    --
    Cheers,
    Edward

  3. #3
    Join Date
    Aug 2007
    Location
    Luxembourg
    Posts
    5,142

    Re: Filtcfg for NCP and SLP

    For both NCP and SLP, be aware that both protocols can be used on UDP and
    TCP.
    For NCP, Novell clients will only use TCP by default. However, some server
    to server traffic could potentially be UDP, and Linux machines using
    ncpmount will also use UDP by default unless you explicitly specify tcp in
    the ncpmount command.
    For SLP, you will typically see both UDP and TCP traffic and you should
    enable both. As far as I know, Novell products use 427 as source and as
    destination port, but this may not be the case for all SLP traffic.
    Overall, be aware of the potential negative side effects of enabling
    filtering. For instance, workstations trying to make CIFS connections
    before trying NCP will slow down. This is because without a firewall, the
    NetWare server will explicitly refuse the CIFS connection and the client
    will notice immediately and give up. With a firewall, the NetWare server
    doesn't reply at all and the client will have to wait for a timeout before
    giving up.

    --
    Marcel Cox
    http://support.novell.com/forums
    ------------------------------------------------------------------------
    Marcel Cox's Profile: http://forums.novell.com/member.php?userid=8
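
Added example, not part of any post in this thread and not Filtcfg syntax: a small Python model of the allow-list the two replies above describe, showing which flows are dropped when the reverse NCP direction, NCP over UDP, or SLP multicast is left out. The 10.1.0.0/24 server subnet, the client addresses and all function and rule names are constructed for illustration; the model checks only the first packet of a flow and assumes replies are handled by stateful tracking or mirrored rules.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addressing (not from the thread): NetWare servers in 10.1.0.0/24.
SERVERS = ip_network("10.1.0.0/24")
ANY = ip_network("0.0.0.0/0")
SLP_MCAST = ip_network("224.0.1.22/32")   # group Edward names; he was not certain
HIGH = range(1024, 65536)                 # 1024-65535 source ports
SLP_SRC = range(427, 428)                 # 427 -> 427, as Marcel describes

@dataclass(frozen=True)
class Rule:
    name: str
    proto: str
    src: object
    sports: range
    dst: object
    dport: int

def build_rules(ncp_udp=True, both_ways=True, slp_multicast=True):
    """Allow-list for the first packet of a flow (replies: see assumption above)."""
    rules = []
    for proto in ("tcp", "udp") if ncp_udp else ("tcp",):
        rules.append(Rule("ncp-in", proto, ANY, HIGH, SERVERS, 524))
        if both_ways:  # servers on the protected side also initiate NCP
            rules.append(Rule("ncp-out", proto, SERVERS, HIGH, ANY, 524))
    for proto in ("tcp", "udp"):
        for sports in (HIGH, SLP_SRC):
            rules.append(Rule("slp-in", proto, ANY, sports, SERVERS, 427))
            rules.append(Rule("slp-out", proto, SERVERS, sports, ANY, 427))
            if slp_multicast and proto == "udp":  # no DA: multicast discovery
                rules.append(Rule("slp-mcast", proto, ANY, sports, SLP_MCAST, 427))
    return rules

def verdict(rules, proto, src, sport, dst, dport):
    """Name of the first matching rule, or 'drop' (default deny, no reply sent)."""
    for r in rules:
        if (r.proto == proto and ip_address(src) in r.src and sport in r.sports
                and ip_address(dst) in r.dst and dport == r.dport):
            return r.name
    return "drop"

if __name__ == "__main__":
    narrow = build_rules(ncp_udp=False, both_ways=False, slp_multicast=False)
    for label, pkt in [("server-initiated NCP", ("tcp", "10.1.0.5", 40000, "192.168.5.9", 524)),
                       ("ncpmount over UDP", ("udp", "192.168.5.30", 33000, "10.1.0.5", 524)),
                       ("SLP multicast", ("udp", "192.168.5.20", 427, "224.0.1.22", 427))]:
        print(label, "| narrow:", verdict(narrow, *pkt), "| full:", verdict(build_rules(), *pkt))
```

Anything that falls through to `drop`, such as a CIFS attempt to a server, gets no reply at all, which is the timeout behaviour described in the post above.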

  4. #4
    HeCtOr NNTP User

    Re: Filtcfg for NCP and SLP

    Thank you Marcel and Edward.
    "Marcel Cox" <Marcel_Cox@no-mx.forums.novell.com> wrote in message
    news:iOoBm.18574$7G7.17397@kovat.provo.novell.com. ..
    > For both NCP and SLP, be aware that both protocols can be used on UDP and
    > TCP.
    > For NCP, Novell clients will only use TCP by default. However, some server
    > to server traffic could potentially be UDP, and Linux machines using
    > ncpmount will also use UDP by default unless you explicitly specify tcp in
    > the ncpmount command.
    > For SLP, you will typically see both UDP and TCP traffic and you should
    > enable both. As far as I know, Novell products use 427 as source and as
    > destination port, but this may not be the case for all SLP traffic.
    > Overall, be aware of the potential negative side effects of enabling
    > filtering. For instance, workstations trying to make CIFS connections
    > before trying NCP will slow down. This is because without a firewall, the
    > NetWare server will explicitly refuse the CIFS connection and the client
    > will notice immediately and give up. With a firewall, the NetWare server
    > doesn't reply at all and the client will have to wait for a timeout before
    > giving up.
    >
    > --
    > Marcel Cox
    > http://support.novell.com/forums
    > ------------------------------------------------------------------------
    > Marcel Cox's Profile: http://forums.novell.com/member.php?userid=8



