Configuring filter exception for NTP Traffic

  • 10020134
  • 1.0.36602892.2379773
  • 25-Oct-1999
  • 07-Apr-2005

Archived Content: This information is no longer maintained and is provided 'as is' for your convenience.

Goal

Configuring filter exception for NTP Traffic

Fact

Novell BorderManager 3.5

Novell BorderManager 3.0

Novell BorderManager 2.1

Private NetWare servers attempting to access an NTP server on the Internet

NAT and filters configured on the BorderManager server.

Fix

Set up a stateful filter exception as follows:

AT THE SERVER CONSOLE DO THE FOLLOWING:
Load FILTCFG
Select "Configure TCP/IP Filters"
Select "Packet Forwarding Filters"
Select "Exceptions"
Press the "insert" key
Please follow the information below carefully to populate the fields with the proper information:

1.) NTP Request -ST -- This filter will allow outgoing NTP request packets from the server on the private network to the public NTP server on the Internet.

Source Interface Type: Interface (Leave this at its default of "Interface")
Source Interface: Private (press "enter" and select the interface name of your private network card)
Destination Interface Type: Interface (Leave this at its default of "Interface")
Destination Interface: Public (press "enter" and select the interface name of your public network card)
Packet Information: Packet Type: (press "enter" where it says "any")

(Now press "insert", which puts you in "Define TCP/IP Packet Type" area then do the following)
    Name: NTP Request ST (This is just a name we are giving this "Packet Type".)
    Protocol: UDP (Press "insert" to get the option list and then select UDP.)
    Source Port(s): 1024-65535 (These are the high ports used to make the request.)
    Destination Port(s): 123 (This is the destination port that the server is contacting.)
    Ack Bit Filtering: Disabled
    Stateful Filtering: Enabled
(After putting in the above information, press "ESC" or "Escape" and it will save this Packet Type definition.)
(Now select the Packet Type that you just created and press "enter"; this will add it to the Exception.)

-- The following is how it should now look--

Packet Information:
         Packet Type: NTP Request ST
         Protocol: UDP
         Destination Port(s): 123
         Source Port(s): 1024-65535
         Source Address Type: Any Address
         Destination Address Type: Host
         Destination IP Address: (ip address of the NTP Server on the Internet)

(Press "escape" and select "yes" to save it)
Do the following:
UNLOAD IPXFLT, UNLOAD IPFLT, UNLOAD FILTSRV
Then run "REINITIALIZE SYSTEM", which will automatically load all three of them back up.
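
The effect of the exception above, as an added example that is not part of the original Novell document and is not BorderManager's code: a simplified Python model of a default-deny forwarder with the single stateful "NTP Request ST" exception, showing that a reply from port 123 is admitted only while a matching outbound request is on record. The NTP server address, the 60-second state timeout, and all class and function names are assumptions; NAT is not modelled.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    in_if: str      # interface the packet arrived on
    out_if: str     # interface it would be forwarded to
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

NTP_SERVER = "192.0.2.10"   # constructed placeholder (TEST-NET-1), not from the page
STATE_TTL = 60              # assumed idle timeout in seconds; not a BorderManager value

class StatefulFilter:
    """Default-deny forwarder with one stateful exception: NTP Request ST."""

    def __init__(self):
        self.flows = {}  # (proto, src, sport, dst, dport) -> expiry time

    def _matches_exception(self, p):
        # Mirrors the fields entered in FILTCFG for the exception.
        return (p.in_if == "Private" and p.out_if == "Public"
                and p.proto == "UDP"
                and 1024 <= p.sport <= 65535
                and p.dport == 123
                and ipaddress.ip_address(p.dst) == ipaddress.ip_address(NTP_SERVER))

    def forward(self, p, now):
        # Drop expired state first so stale flows cannot admit late packets.
        self.flows = {k: t for k, t in self.flows.items() if t > now}
        if self._matches_exception(p):
            # Outbound request: remember the flow so its reply is admitted.
            self.flows[(p.proto, p.src, p.sport, p.dst, p.dport)] = now + STATE_TTL
            return True
        # A reply is a recorded flow with source and destination swapped.
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        if p.in_if == "Public" and p.out_if == "Private" and reverse in self.flows:
            self.flows[reverse] = now + STATE_TTL
            return True
        return False  # everything else stays blocked by the default filters
```

In this model, a packet from the NTP server's port 123 to a private host and port that never sent a request is dropped, which is the behaviour to expect when no separate inbound exception has been defined.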