SLP lookup with the Novel Client for Linux does not work

  • 3103794
  • 28-Feb-2007
  • 10-Jun-2013

Environment


Novell Client for Linux 1.0.0 Login

Situation

When [trees] is selected in the login windows for the Novell Linux Client, it returns an empty result.

The reason is that if SuSEfirewall2 have been enabled it will block SLP lookup. What happens is that when [trees] are selected in the login window, it will send out a request (broadcast) for DA to provide this information, but incoming trafic is being blocked, as the incoming trafic is a unicast and therefor does not have any relation to the outgoing request.

Resolution

The solution is to add two entries to the firewall with allow ingoing trafic on port 427 both TCP and UDP.

  • Modify /etc/sysconfig/SuSEfirewall2 change:
From:
#FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
FW_CUSTOMRULES=""

To:
FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
#FW_CUSTOMRULES=""

  • Modify /etc/sysconfig/scripts/SuSEfirewall2-custom, and infw_custom_before_denyall() add:
iptables -I INPUT 1 -j ACCEPT -p udp --sport 427
iptables -I INPUT 1 -j ACCEPT -p tcp --sport 427



Additional Information

Entries in /var/log/firewall look like this:
kernel: SFW2-INext-DROP-DEFLT IN= OUT= MAC= SRC= DST= LEN=108 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=427 DPT=1026 LEN=88

06/10/13 - Casper Pedersen - removed bug / internal change log

Feedback service temporarily unavailable. For content questions or problems, please contact Support.