Implementing NWLink IPX/SPX NetBIOS Compatible protocol in a Windows XP PE (PreBoot Environment bootable CD.

pts.
Tags:
NetBIOS
Novell IPX/SPX
I have always, for security reasons avoided binding File and Print Sharing for Microsoft Clients to TCP/IP in my small office network. With Windows 2000 I used instead NetBEUI and now with Windows XP I am using the NWLink IPX/SPX NetBIOS Compatible protocol for File and Print Sharing. Recently I have been trying to implement the Norton Ghost Recovery CD, which enables one to boot the computer with a Windows PE based bootable CD, and access a drive image stored on another machine on the network and restore that image to the machine with a damaged Windows installation. Symantec has made a custom Recovery CD for me which included the Network adapter drivers which were not included in the shipping product for my Intel and 3Com Ethernet adapters. Since they are in the mood to make custom CD's for me, I would like them to also include the IPX/SPX protocol since their boot CD currently requires File and Printer Sharing for Microsoft Networks to be bound to TCP/IP on the machine containing the image files in order to connet to it from the machine you are booting from the Windows PE based Recovery CD. So my main question is what files would they have to add to the CD in order to enable IXP/SPX to work also, and in order for me to understand what is involved to explain it to them I need to know some more about IPX/SPX. There seems to be very sparse documentation about this in the Microsoft Technet or on Novell's site. One question I would like to know is how IPX/SPX routing is implemented. Since it doesn't use IP address based routing what does it use? I have four machines connected to a LinkSys BEFSR81 Cable DSL Router, using the router as a DHCP server which dynamically assigns private IP addresses to the machines in the range 192.168.1.10X. I have discovered that supposedly you can see the configuration of your IPX/SPX routing by typing "ipxroute /config" at a command prompt. When I do that, I get a table like this: Num Name Network Node Frame ========================================================= 0. Internal 79f52926 000000000001 [None ] 1. IpxLoopbackAdapter 79f52926 000000000002 [802.2] 2. Local Area Connection 00000000 000fd61b7fa9 [802.2] 3. NDISWANIPX 00000000 e4d020524153 [EthII] - Legend ====== - down wan line That table is garbled by line wrap, but those of you with expertise in this area will understand it I think. I had installed and activated the RIP Listening service... you have to install RIP Listener from Windows Components additional networking features. and also in Windows Firewall (if you use that) Microsoft says in their Help that you have to go to the Windows Firewall Exceptions Tab to open UDP Port 520 with the Name "520 port opening for RIP Listener" and then [My improvement] click the "Change Scope" button and set it for "My Network (subnet only)". Discovering this made me wonder... where *does* the routing information come from when I am using an IPX/SPX protocol? If I enable the connection log in my LinkSys router and examine the outgoing connections log, I see something like this: LAN IP Address Destination URL/IP Port 192.168.1.101 224.0.0.9 520 192.168.1.102 224.0.0.9 520 192.168.1.103 224.0.0.9 520 192.168.1.104 224.0.0.9 520 What would this Destination URL/IP of "224.0.0.9" be? It is not pingable.... When I read all the documentation I can find on IPX/SPX routing, it appears that there must is some sort of addressing aside from name resolution, but what that is or how to use it I can find no information about. I also appear to be seeing contradictory information about whether I need to be using the SAP (Service Advertising Protocol) under Windows or not.... some places seem to indicate I need it for IPX/SPX and other places seem to say that I only need to use that if I am actually connecting to a Novell network. I have looked for books on this subject I could buy, but have found none that seem to go into this topic in the depth or detail I need on the inner workings of this protocol to be able to really understand it, so I hope someone with experience in this area can explain it to me or point me to a publication that I can obtain. Aside from wanting/needing to understand the operation for my own network stability, if I hope to be able to get Symantec to implement IPX/SPX on their recovery CD I need to know exactly what to tell them to do, as in put File X here and File Y there, etc. I would be very appreciative of any help this group can provide me! Regards, Dave Martin dave@comclark.com

Answer Wiki

Thanks. We'll let you know when a new response is added.

Dumb question…. why are you using IPX at all? I don’t see any mention of NetWare servers in your post. And if memory serves me, IPX on its’ own is no more secure than NetBEUI. It’s also a major pain in the rump to get working in a pure Windows environment.

I’m not trying to steer you off in a tangent, but if you could let us know what your rationale for wanting to secure your shares in the first place, I would appreciate it.

Cheers

Discuss This Question: 3  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Bobkberg
    I agree with sonotsky - NetBEUI would be a better choice for local file/print sharing than IPX. It's small, fast, and from a security point of view, non-routable. To give you a partial explanation - IPX (Well, Netware) used SAP (Service Advertising Protocol) to advertise services from servers before coming up with their Directory Service in Netware 4 and newer. This is NOT appropriate for a Windows file sharing environment - and further, is intended to allow for redistribution across multiple networks - which doesn't seem to describe your situation. Also, it's VERY chatty - I recall seeing WAN links saturated by this traffic - to the point where business couldn't get done. Bob
    1,070 pointsBadges:
    report
  • Guardian
    Let me come back to you,as i have both win2000 servers and Novell servers on my network. Newton nmbazima@playtime.co.zw
    900 pointsBadges:
    report
  • Sonotsky
    Hmm.... I may be wrong, but I *think* NetBIOS is enabled by default in XP, if you use DHCP to obtain an IP address. Check your adaptor's TCP/IP Advanced settings, on the WINS tab. It should be set to Default or Enabled. With this setting, you do not need a secondary protocol, just TCP/IP. You can then set up XP's built-in firewall to allow access to the NetBIOS port (I *think* you need to open 137, 138, and 139) to restrict access to other ports on your box. Viola, your PE CD should be good to go. But this doesn't really address your need for security on the XP box itself; if you haven't already done so, you should invest in a hardware router to put between your LAN and the Internet. You can get a decent, non-wireless one for ~$50. If you're looking for a way to protect your share from *internal* accesses (e.g., from inside your LAN), then you need to look into a software firewall and lock down to the single IP that will access your share. Cheers
    695 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following