Software Distributor: Firewall Configuration Cookbook

1. Log in as root on SystemA (agent).
2. Edit the /var/adm/sw/defaults file:
vi /var/adm/sw/defaults
3. Ensure the file contains the following entries (add if not present):
swinstall.rpc_binding_info = ncacn_ip_tcp:[2121]
swcopy.rpc_binding_info = ncacn_ip_tcp:[2121]
swremove.rpc_binding_info = ncacn_ip_tcp:[2121]
swconfig.rpc_binding_info = ncacn_ip_tcp:[2121]
swverify.rpc_binding_info = ncacn_ip_tcp:[2121]
swlist.rpc_binding_info = ncacn_ip_tcp:[2121]
swreg.rpc_binding_info = ncacn_ip_tcp:[2121]
swacl.rpc_binding_info = ncacn_ip_tcp:[2121]
swjob.rpc_binding_info = ncacn_ip_tcp:[2121]
sd.rpc_binding_info = ncacn_ip_tcp:[2121]
swagentd.agent = /usr/lbin/swagent2
Save the file.
4. Repeat steps 1-3 on SystemB (controller).
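The script below is an added example and is not part of the HP cookbook. It applies steps 2-3 idempotently to a defaults file whose path is passed as an argument (use /var/adm/sw/defaults on the real system; a scratch copy for testing): every <command>.rpc_binding_info line is set to exactly ncacn_ip_tcp:[2121], an existing line for one of those commands is replaced (including one that still lists a UDP protocol sequence, which the firewall would otherwise also have to pass), duplicate lines are dropped, and an audit function reports which entries are missing or wrong. The sd_defaults_* function names and the SD_CMDS list are this example's own; the command set is the one listed in step 3.

```sh
#!/bin/sh
# Added example (not from the HP cookbook): pin every SD command's
# rpc_binding_info to TCP port 2121 in an SD defaults file, idempotently.
# Assumptions: POSIX sh with awk and grep; the target file is $1
# (/var/adm/sw/defaults on a real system, a scratch copy when testing).

SD_CMDS="swinstall swcopy swremove swconfig swverify swlist swreg swacl swjob sd"
SD_BINDING="ncacn_ip_tcp:[2121]"

# Rewrite the file so that each <cmd>.rpc_binding_info line carries exactly
# SD_BINDING. Existing lines for a listed command are replaced in place (a
# stale entry that still names ncadg_ip_udp goes away with them), a second
# line for the same command is dropped, missing entries are appended, and
# every other line is left untouched. Note: mv replaces the inode, so on a
# live system re-check ownership and mode afterwards.
sd_defaults_set() {
    sd_file=$1
    sd_tmp="$sd_file.tmp.$$"
    awk -v cmds="$SD_CMDS" -v binding="$SD_BINDING" '
        BEGIN { n = split(cmds, c, " "); for (i = 1; i <= n; i++) want[c[i]] = 1 }
        /^[ \t]*[A-Za-z]+\.rpc_binding_info[ \t]*=/ {
            key = $0
            sub(/^[ \t]*/, "", key); sub(/\.rpc_binding_info.*/, "", key)
            if (key in want) {
                if (!(key in done)) print key ".rpc_binding_info = " binding
                done[key] = 1
                next
            }
        }
        { print }
        END {
            for (i = 1; i <= n; i++)
                if (!(c[i] in done)) print c[i] ".rpc_binding_info = " binding
        }
    ' "$sd_file" > "$sd_tmp" && mv "$sd_tmp" "$sd_file"
}

# Audit: return 0 if the file carries the expected binding for every command,
# otherwise name each missing or differing entry on stdout and return 1.
sd_defaults_check() {
    sd_file=$1
    sd_rc=0
    for sd_cmd in $SD_CMDS; do
        if ! grep -Fxq "$sd_cmd.rpc_binding_info = $SD_BINDING" "$sd_file"; then
            echo "missing or wrong: $sd_cmd.rpc_binding_info"
            sd_rc=1
        fi
    done
    return $sd_rc
}
```

Run sd_defaults_check on both SystemA and SystemB after the edit; a non-zero exit from it is the quickest way to spot a system on which step 3 was skipped or the entries were mistyped.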
Section 4: Setting Port Restrictions on the swagentd Process
On both SystemA and SystemB, swagentd must be confined to the ports the firewall allows. The
restriction is placed in the environment of the swagentd process at startup.
To set the swagentd port range, perform the following steps:
1. Log in as root on SystemA (agent).
2. Insert two lines in the file /sbin/rc2.d/S870swagentd immediately before the line
/usr/sbin/swagentd -r, so that the file contains the four lines shown grouped together below.
Lines 1 and 2 of these four lines are the added ones; lines 3 and 4 are pre-existing. The new
lines restrict the DCE/RPC ports swagentd uses to TCP ports 4000-4009. The insertion point is
at approximately line 77 of 188:
vi /sbin/rc2.d/S870swagentd
# Specify DCE/RPC ports to allow firewall access.
export RPC_RESTRICTED_PORTS="ncacn_ip_tcp[4000-4009]"
# The daemon issues an error message if it fails to initialize.
/usr/sbin/swagentd -r
3. Stop the swagentd process:
/sbin/rc2.d/S870swagentd stop
4. Restart the swagentd process:
/sbin/rc2.d/S870swagentd start
5. Repeat steps 1-4 on SystemB (controller).
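The script below is an added example and is not part of the HP cookbook. It covers step 2 and the check a practitioner wants afterwards: sd_restrict_ports inserts the two new lines in front of the /usr/sbin/swagentd -r line of a start script (path passed as an argument, so it can be exercised on a copy before touching /sbin/rc2.d/S870swagentd) and is a no-op on a second run, and sd_allowed_ports expands an RPC_RESTRICTED_PORTS value into the protocol/port pairs the firewall rule has to pass, so the daemon and the firewall are driven from the same string. It goes slightly beyond the cookbook by accepting the general DCE syntax for the variable (several protocol sequences separated by ":" and comma-separated ranges inside the brackets), not only the single range used here. The sd_* function names and SD_PORT_RANGE variable are this example's own.

```sh
#!/bin/sh
# Added example (not from the HP cookbook). Assumptions: POSIX sh with awk and
# grep; the start script path is $1 of sd_restrict_ports (a scratch copy when
# testing, /sbin/rc2.d/S870swagentd on the real system).

SD_PORT_RANGE="ncacn_ip_tcp[4000-4009]"

# Insert the comment and the export in front of the first "/usr/sbin/swagentd -r"
# line, keeping them ahead of the pre-existing comment that precedes that line
# and copying the line's indentation. A script that already sets
# RPC_RESTRICTED_PORTS is left alone (return 0); one without the daemon line is
# left alone too, but the function returns 1 so the caller notices.
sd_restrict_ports() {
    sd_script=$1
    grep -q 'RPC_RESTRICTED_PORTS=' "$sd_script" && return 0
    grep -q '^[[:space:]]*/usr/sbin/swagentd -r' "$sd_script" || return 1
    sd_tmp="$sd_script.tmp.$$"
    awk -v range="$SD_PORT_RANGE" '
        function flush() { if (held != "") { print held; held = "" } }
        # Hold back each comment line so the export can be placed before it.
        /^[ \t]*#/ { flush(); held = $0; next }
        !done && /^[ \t]*\/usr\/sbin\/swagentd -r/ {
            match($0, /^[ \t]*/); ind = substr($0, 1, RLENGTH)
            print ind "# Specify DCE/RPC ports to allow firewall access."
            print ind "export RPC_RESTRICTED_PORTS=\"" range "\""
            done = 1
        }
        { flush(); print }
        END { flush() }
    ' "$sd_script" > "$sd_tmp" && mv "$sd_tmp" "$sd_script"
}

# Expand an RPC_RESTRICTED_PORTS value ($1) into one "protseq port" line per
# port. Syntax: protocol sequences separated by ":", each followed by a
# bracketed, comma-separated list of ports or lo-hi ranges, for example
# "ncacn_ip_tcp[4000-4009,4100]:ncadg_ip_udp[4000-4009]". A malformed
# sequence or an inverted/out-of-range port range is an error (exit 1).
sd_allowed_ports() {
    printf '%s\n' "$1" | awk -F: '
        {
            for (i = 1; i <= NF; i++) {
                if (match($i, /^[a-z_]+\[[0-9,-]+\]$/) == 0) {
                    print "bad protocol sequence: " $i > "/dev/stderr"; exit 1
                }
                proto = $i; sub(/\[.*/, "", proto)
                list = $i; sub(/^[^[]*\[/, "", list); sub(/\]$/, "", list)
                n = split(list, r, ",")
                for (j = 1; j <= n; j++) {
                    lo = r[j]; hi = r[j]
                    if (index(r[j], "-")) { split(r[j], lh, "-"); lo = lh[1]; hi = lh[2] }
                    if (lo + 0 > hi + 0 || hi + 0 > 65535) {
                        print "bad range: " r[j] > "/dev/stderr"; exit 1
                    }
                    for (p = lo + 0; p <= hi + 0; p++) print proto, p
                }
            }
        }'
}

# The fixed swagentd endpoint from the defaults file (2121/tcp) plus every
# restricted port: the full set of ports the firewall must pass between the
# controller and the agent.
sd_firewall_allowlist() {
    echo "ncacn_ip_tcp 2121"
    sd_allowed_ports "$SD_PORT_RANGE"
}
```

Feed the output of sd_firewall_allowlist to whatever generates the firewall rule set; if the range in SD_PORT_RANGE is ever widened or moved, both the start script and the firewall change from the one place.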
Section 5: Testing Connectivity
Once the firewall and SD configuration has been completed, conduct connectivity tests between
the systems. Because swagentd on each side now accepts only the allowed port range, every SD
command run on the controller MUST have RPC_RESTRICTED_PORTS set to that same range in its
environment; a command run without it will use a dynamic DCE/RPC port outside the range and the
firewall will drop the connection. For example, to run swlist against SystemA from SystemB:
export RPC_RESTRICTED_PORTS="ncacn_ip_tcp[4000-4009]"
/usr/sbin/swlist -l bundle @ SystemA
Once exported, the variable stays in effect for every SD command issued from that shell session.
This confines the swlist session to the allowed DCE/RPC port range.
To conduct a swinstall installation, use the following syntax: