Netscape DIRECTORY SERVER 6.1 Installation Manual page 35

• Enabling Port Filtering—The RPC services are not removed, as it may be
necessary for Microsoft software to make RPC connections on the loopback
interface. However, the RPC ports must not be accessible to other systems.
Open the Network window, select the Protocols tab, select TCP/IP, and click
Properties. Select Advanced and Enable Security. On the TCP/IP Filtering
window, permit only TCP ports 389 and 636 and the administration port
number, permit no UDP ports, and permit only IP protocol 6 (TCP).
If you have multiple interfaces, it may be necessary to repeat this for each
interface.
Note that after this change has been made, the Microsoft command-line FTP
client will no longer operate. This is because the Microsoft client requires the
FTP server to establish a connection in the reverse direction, and all non-LDAP
ports are blocked.
• Disabling IP Routing—On the TCP/IP protocol window, disable IP Routing.
• Disabling WINS Client—On the Devices window (Control Panel > Devices),
disable the WINS Client.
• Removing the OS/2 and POSIX Subsystem Keys From the Registry—Directory
Server does not require OS/2 and POSIX subsystems. Remove them by
performing the following registry actions with regedit.
Delete all subkeys of:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OS/2 Subsystem for NT
There is another key under CurrentControlSet\Control named
SessionManager, without a space in its name. Do not alter anything below that
key.
Operating System Requirements
Chapter 2 Computer System Requirements 35