NetWare IP Sockets
01 Dec 2001
Q.
It is my understanding that by default McAfee VirusScan 6 for Windows installs with a copy of McAfee Firewall, and this by default screens out the IP-protocol traffic required for NWClient over IP.
Would you know anything about this, and could you direct me to where I can find more information?
Firewalled Out in Farmington
A.
Dear Firewalled: The Internet protocols TCP and UDP are both used by NetWare 5.x and NetWare 6 for Pure IP connectivity. The following ports are used for such communication:
TCP 524 - NCP Requests - Source port will be a high port (1024-65535)
UDP 524 - NCP for time synchronization - Source port will be a high port
UDP 123 - NTP for time synchronization - Source port will be the same
UDP 427 - SLP Requests - Source port will be the same (427)
TCP 427 - SLP Requests - Source port will be the same (427)
TCP 2302 - CMD - Source port will be a high port
UDP 2645 - CMD - Source port will be the same (2645)
An expanded description of the port usage follows:
NCP Requests - TCP 524
If you are running in Pure IP mode (not in compatibility mode, CMD) and are not dependent on SLP for locating your servers, all communication will happen on this port. If you create an exception to allow a destination TCP port 524 coming in to the NetWare server and a source TCP port 524 going out from the NetWare server, you will be covered. The actual source port used by the client making contact with the server will be a high port (1024-65535).
SLP Requests - TCP & UDP 427
If you would like to locate your servers through SLP, then you will need to allow communication through TCP and UDP port 427. Both the source and destination will be port 427. The User Agent (UA) will contact the Service Agent (SA) or Directory Agent (DA) using a UDP packet. If the response is larger than one packet can hold, the agent will respond with as much data as it can and set the overflow bit. The UA will then connect via TCP and will make the same request again to get the complete response.
CMD Communication - TCP 2302 & UDP 2645
CMD, or Compatibility Mode Driver, is necessary when an IP device must communicate with an IPX device or when a running application requires a direct IPX interface. Both the source and destination ports will use the same port number. All communication destined for an IPX device through a Migration Agent (MA) will use UDP packets. Devices communicating with the MA for information on services available and routes to those services will use the following protocols:
A NetWare 5 server running SCMD to MA uses TCP
A 3.x Client running CMD to MA uses UDP
Two servers with an MA to MA setup use UDP
Simply make sure your firewall is configured to allow the above-mentioned ports to pass data in and out.
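The SLP overflow fallback described above is the case most easily broken by a firewall that passes UDP 427 but not TCP 427. The following Python sketch is an added example, not part of the original column: it reads the overflow bit from a UDP 427 reply and reports what the UA will experience. The header offsets are taken from RFC 2165 (SLPv1) and RFC 2608 (SLPv2), not from this article, and the function names and sample datagrams are constructed for illustration.

```python
import struct

def slp_overflow(datagram: bytes) -> bool:
    """True if an SLP message carries the overflow (truncated reply) bit."""
    if len(datagram) < 12:
        raise ValueError("too short for an SLP header")
    version = datagram[0]
    if version == 1:            # SLPv1 (RFC 2165): flags are byte 4
        flags = datagram[4]
    elif version == 2:          # SLPv2 (RFC 2608): flags are bytes 5-6
        flags = datagram[5]
    else:
        raise ValueError(f"unknown SLP version {version}")
    return bool(flags & 0x80)   # overflow is the top flag bit in both versions

def diagnose(udp_reply: bytes, tcp_427_allowed: bool) -> str:
    """What the UA will experience after receiving this UDP 427 reply."""
    if not slp_overflow(udp_reply):
        return "complete"               # answer fit in one datagram
    if tcp_427_allowed:
        return "retry-over-tcp"         # UA repeats the request on TCP 427
    return "truncated-tcp-blocked"      # only the partial UDP answer arrives

def build_v2_reply(overflow: bool, xid: int = 0x1234, lang: bytes = b"en") -> bytes:
    """Constructed SLPv2 SrvRply header (function 2), no body, for testing."""
    flags = 0x8000 if overflow else 0
    length = 14 + len(lang)             # fixed header plus language tag
    return (bytes([2, 2]) + length.to_bytes(3, "big") + struct.pack("!H", flags)
            + bytes(3) + struct.pack("!HH", xid, len(lang)) + lang)

if __name__ == "__main__":
    # Walk every combination of reply size and TCP 427 firewall policy.
    for overflow in (False, True):
        for tcp_ok in (True, False):
            reply = build_v2_reply(overflow)
            print(f"overflow={overflow} tcp427={tcp_ok}: {diagnose(reply, tcp_ok)}")
```

A result of "truncated-tcp-blocked" corresponds to a client that sees only part of the server list even though UDP 427 is open.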
* Originally published in Novell AppNotes