Remote Site Cannot Connect
This recent problem I have that is somewhat related to that subject of IP
ports.
The mainframe guys which the iSeries talks to do not like the fact that
the i-Series is pushing a broadcast port 137 (netbios broadcast) onto
the subnet. It appears that this port is used for *NETBIOS and Client
Access PC's to use IFS Net Server and Windows File utilities.
I don't need *NETBIOS at all on this one comm card, but I don't think
there is a way to restrict some functions to just one comm card. And I
am not sure the effect of this outbound traffic if I start monkeying
with it . . . . Does anyone know
- if port 137 can be prevented by stopping one of the services in the
commands STRHOSTSVR or STRTCPSVR
- or if I make an entry in the CFGTCP > Work with Restricted IP Ports,
what would happen? I believe that this panel is really just for an
incoming port, being able to restrict it's use to just a single user,
not the outbound traffic)
- if I do stop *NETBIOS outbound, what are the unintended consequences?
"137 = NetBIOS name service. This is how NetBIOS-based services find
each other. On a NetBIOS network, these names uniquely identify the
machine and services running on the machine (and the IP address doesn't
matter). Machines find each other either using broadcasts or looking
them up in a centralized NetBIOS naming server (called a WINS server)."
http://www.iss.net/security_center/advice/Exploits/Ports/groups/Microsoft/default.htm
- What is desired is to stop this outbound traffic on this one
Mainframe SNA-RJE-Enterprise Extender Comm Card, and not touch the other
"normal" Ethernet traffic on the other comm card (on a different
subnet).
- And Yes, we do use Windows Shared Folders in the IFS,
http://archive.midrange.com/midrange-l/201103/msg00982.html
so restricting port 137 would stop the CA400 functions.
Anybody got some ideas to try ?
- John V.
midrange.com
