Microsoft KB Archive/238962

= Configuring Microsoft Services for UNIX to Run on Proxy Server 2.0 and Proxy Clients =

Article ID: 238962

Article Last Modified on 9/30/2007

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Professional Edition
 * Microsoft Windows NT Server 4.0 Standard Edition
 * Microsoft Windows NT Server 4.0 Enterprise Edition
 * Microsoft Windows NT Services for UNIX Add-On Pack

-



This article was previously published under Q238962



SUMMARY
This article describes how to set up Proxy Server 2.0 and Winsock Proxy clients to run Microsoft Services for UNIX (SFU) more efficiently.



Running SFU on a WinSock Proxy Client
After installing SFU on a client computer that already has the Winsock Proxy client installed, SFU should run normally with no additional configuration required on the client or the Proxy server. The user must have appropriate access if Access Control is enabled.

Running SFU on the Proxy Server
After you install SFU on the Proxy server, additional configuration is required to ensure connectivity to external UNIX hosts. Internal UNIX host connectivity should not be affected if the local address table (LAT) is configured correctly. The following two methods describe how to configure SFU to run on a Proxy server:

Method 1: Create a Custom Filter to Distinguish by Host Address

 * 1) Right-click any Proxy service (Socks, Web, or Winsock Proxy), and then click Properties.
 * 2) On the Services tab, click Security.
 * 3) On the Packet Filters tab, click to select the Enable Packet filtering on the External Interface and Enable dynamic packet filtering of Microsoft Proxy Server packets check boxes.
 * 4) Click Add to configure a custom filter.
 * 5) Create a custom Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) filter with the following settings:
 * 6) * Protocol ID: (TCP or UDP depending on which one you are configuring)
 * 7) * Direction: Both
 * 8) * Local Port: Any
 * 9) * Remote Port: Any
 * 10) * Local Host: Default Proxy external IP address
 * 11) * Remote Host: Single Host (IP address of remote UNIX host)
 * 12) Click OK, click OK, and then click Apply.

At this point, all TCP and UDP traffic is enabled between the Proxy server and the UNIX host specified in the custom filter. You should create a custom filter for each UNIX host to which Windows needs to connect using SFU.

Method 2: Custom Filters to Support UNIX Services
The primary UNIX services that need to be considered include (note that a Solaris 2.6 NIS server is used in this example): Rpcbind, Ypserv, Network File System (NFS), and Mountd. To determine on which ports these services are running, type rpcinfo -p localhost on the UNIX host. As an example, the following custom filters support the required services to connect to a Solaris 2.6 NIS server.
 * 1) Filter to support Rpcbind (TCP/UDP port 111)
 * 2) * Protocol ID: TCP/UDP
 * 3) * Direction: Both
 * 4) * Local Host: any
 * 5) * Remote Port: Fixed Port: 111
 * 6) * Local Host: Default Proxy external IP address
 * 7) * Remote Host: Any host
 * 8) Filter to support Ypserv (TCP/UDP ports 715/716)
 * 9) * Protocol ID: TCP/UDP
 * 10) * Direction: Both
 * 11) * Local Host: any
 * 12) * Remote Port: Fixed port: 715/716 (one for each)
 * 13) * Local Host: Default Proxy external IP address
 * 14) * Remote Host: Any host
 * 15) * Protocol ID: UDP
 * 16) * Direction: Both
 * 17) * Local Host: any
 * 18) * Remote Port: Fixed port: 32771
 * 19) * Local Host: Default Proxy external IP address
 * 20) * Remote Host: Any host
 * 21) Filter to support NFS (UDP port 2049)
 * 22) * Protocol ID: UDP
 * 23) * Direction: Both
 * 24) * Local Host: any
 * 25) * Remote port: Fixed port: 2049
 * 26) * Local Host: Default Proxy external IP address
 * 27) * Remote Host: Any host
 * 28) Filter to support Lockd (TCP/UDP port 4045)
 * 29) * Protocol ID: TCP/UDP
 * 30) * Direction: Both
 * 31) * Local Host: any
 * 32) * Remote Port: Fixed Port: 4045
 * 33) * Local Host: Default Proxy external IP address
 * 34) * Remote Host: Any host
 * 35) Filter to Support Mountd (TCP port 32839 and UDP port 32821)
 * 36) * Protocol ID: TCP
 * 37) * Direction: Both
 * 38) * Local Host: any
 * 39) * Remote Port: Fixed Port: 32839
 * 40) * Local Host: Default Proxy external IP address
 * 41) * Remote Host: Any host
 * 42) * Protocol ID: UDP
 * 43) * Direction: Both
 * 44) * Local Host: any
 * 45) * Remote Port: Fixed Port: 32821
 * 46) * Local Host: Default Proxy external IP address
 * 47) * Remote Host: Any host

You may also require a custom filter to support Telnet from the Proxy server itself. To accomplish this, add a custom filter as follows to support Telnet on port 23:
 * Protocol ID: TCP/UDP
 * Direction: Both
 * Local Host: any
 * Remote port: Fixed port: 23
 * Local Host: Default Proxy external IP address
 * Remote Host: Any host

Once you have added the appropriate custom filters to the Proxy server, normal functionality within SFU should be present. If not, the best method for troubleshooting connectivity issues is to disable packet filtering on the Proxy server external interface and take a trace using the Network Monitor tool to determine which ports are being requested on the client and UNIX server side. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

148942 How to Capture Network Traffic with Network Monitor

For more information about SFU, visit the following Microsoft Web site:

http://www.microsoft.com/technet/archive/winntas/deploy/depopt/sfuwp.mspx

For more information about Proxy Server, visit the following Microsoft Web site:

http://go.microsoft.com/fwlink/?LinkID=661