Configuring FacetWin Terminal for a Different TCP Port

Configuring FacetWin for a Different TCP Port

The FacetWin Terminal client by default connects to the UNIX NetBIOS Session Server ("fct_nbsd") on TCP port 139. This is the same port used for regular Windows File & Printer Sharing (SMB networking) and is often blocked by firewalls to protect against many well-known Windows vulnerabilities. You can configure the FacetWin server and the client to connect using an alternate port by setting up the UNIX server to listen on the alternate port and then telling the FacetWin Terminal client the alternate port number. This alternate port only works for FacetWin Terminal Emulator VTP client sessions only and not for Windows File & Printer Sharing connections.

To do this...

On the UNIX Server:

You must be using FacetWin Version 3.1.e (Build 444) or later.

Define the alternate port in the "services" file.

Add the following line to the /etc/services file:

     vtpport        7013/tcp          # FacetWin Alternate VTP port

where "7013" is the unused port number you want to use.

Configure the "inetd" daemon to listen for new service

FacetWin does not attach to the TCP port and wait for incoming connection. We instruct the inetd daemon to do this for us. This can be done by editing the /etc/inetd.conf file. Just copy the "fct_nbsd" line that is already in "inetd.conf" and change the port name at the beginning of the line to be your new port name, and change the name of the program at two places at the end of the line to fct_vtpd:

    #### FacetWin ####
    nb-ssn    stream   tcp  nowait  NOLUID  /usr/facetwin/sys/fct_nbsd  fct_nbsd
    vtpport   stream   tcp  nowait  NOLUID  /usr/facetwin/sys/fct_vtpd  fct_vtpd
    #### FacetWin ####

Get the "inetd" daemon to reread its configuration file.

This is done by sending the inetd process a SIGHUP (hangup signal). First use the ps command to locate the inetd process like this:

        ps -e | grep inetd

The process ID (PID) is the very first number on the line that is returned. Now, issue a "kill -1" on that process, like this:

        kill -1 INETD_PID

where "INETD_PID" is the process ID number of "inetd" we obtained from the ps command.

Verify that the UNIX server is listening on the port.

This can be done using a netstat command like this:

        netstat -na | grep VTPPORT

where VTPPORT is the port number you used in step 1. This should generate output like this:

        tcp    0   0  *.7013       *.*             LISTEN

Note: This will open up TWO FacetWin service ports for access. One will be blocked by the firewall but still accessible by the LAN connections and the other will be accessible by both the firewall and the LAN connections.
Be sure to notify users of the port number that is being used for the FacetWin Alternate VTP port so that they can specify this port number on the "Advanced" page of the emulator's property sheet.

When connecting across the internet, we recommend the FacetWin Security Pack. This is an optional add-on to FacetWin. The Security Pack replaces the standard FacetWin terminal emulator. The FacetWin Security Pack includes:

login and passwords
complete emulation conversations

Standard FacetWin client/server implementation employs the highly secure manual key exchange

The FacetWin Security Pack manual is available in PDF format for download from the FacetCorp Documentation webpage.

This optional FacetWin add-on may be ordered as follows:

New FacetWin Customers: Purchase a normal FacetWin license PLUS FacetWin maintenance (about 15% of the license price). See Where to Buy.
Existing FacetWin Customers Under Maintenance: Free of charge. Just contact FacetCorp to order the free Security Pack CD-ROM.