SLP lookup with the Novell Client for Linux does not work

  • 3103794
  • 28-Feb-2007
  • 10-Jun-2013

Environment


Novell Client for Linux 1.0.0 Login

Situation

When [trees] is selected in the login window for the Novell Linux Client, it returns an empty result.

The reason is that SuSEfirewall2, if enabled, blocks the SLP lookup. When [trees] is selected in the login window, the client sends out a broadcast request for a DA (Directory Agent) to provide this information. The reply arrives as unicast traffic, which the firewall does not relate to the outgoing broadcast request, so the incoming traffic is blocked.

Resolution

The solution is to add two entries to the firewall that allow incoming traffic with source port 427, both TCP and UDP.

  • Modify /etc/sysconfig/SuSEfirewall2, changing:
From:
#FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
FW_CUSTOMRULES=""

To:
FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
#FW_CUSTOMRULES=""

  • Modify /etc/sysconfig/scripts/SuSEfirewall2-custom, and in fw_custom_before_denyall() add:
iptables -I INPUT 1 -j ACCEPT -p udp --sport 427
iptables -I INPUT 1 -j ACCEPT -p tcp --sport 427



Additional Information

Entries in /var/log/firewall look like this:
kernel: SFW2-INext-DROP-DEFLT IN= OUT= MAC= SRC= DST= LEN=108 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=427 DPT=1026 LEN=88
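
To confirm that the firewall is what discards the SLP replies, and to see which hosts are answering, the dropped packets with source port 427 can be counted per sender. The shell function below is an added example, not part of the original Novell document; the function names slp_drops and sample_log, and the sample log lines with their addresses, interface and timestamps, are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise SuSEfirewall2 drops of SLP replies (source port 427).

# Constructed sample lines in the log format shown above. Addresses are from
# the RFC 5737 documentation range; timestamps and host name are made up.
sample_log() {
cat <<'EOF'
Feb 28 10:01:02 host kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC= SRC=192.0.2.10 DST=192.0.2.50 LEN=108 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=427 DPT=1026 LEN=88
Feb 28 10:01:07 host kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC= SRC=192.0.2.10 DST=192.0.2.50 LEN=108 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=427 DPT=1027 LEN=88
Feb 28 10:01:09 host kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC= SRC=192.0.2.11 DST=192.0.2.50 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=427 DPT=40112 LEN=40
Feb 28 10:02:30 host kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC= SRC=192.0.2.20 DST=192.0.2.50 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=1030 LEN=56
Feb 28 10:02:31 host kernel: eth0: link up
EOF
}

# slp_drops: read firewall log lines on stdin and print "count proto source"
# for every dropped inbound packet whose source port is 427, busiest first.
slp_drops() {
    awk '
    /SFW2-INext-DROP/ {
        src = ""; proto = ""; spt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)   src   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^SPT=/)   spt   = substr($i, 5)
        }
        # Logs pasted with the addresses blanked out still get counted.
        if (src == "") src = "(blank)"
        if (spt == "427") seen[proto " " src]++
    }
    END { for (k in seen) print seen[k], k }
    ' | sort -k1,1nr -k2
}

# Demonstration on the constructed sample.
# On a live system: slp_drops < /var/log/firewall
sample_log | slp_drops
```

Each source address listed is a host whose SLP reply was dropped; an empty result after the custom rules are loaded indicates the replies are now being accepted.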

06/10/13 - Casper Pedersen - removed bug / internal change log