Нужна консультация по Бордюру в Москве.

Обсуждение технических вопросов по продуктам Novell

Нужна консультация по Бордюру в Москве.

Сообщение Larico » 07 апр 2004, 12:42

Изучаем Бордюр (сейчас 3.7) есть куча вопросов.
Документацию конечно читаю, но скорость освоения - не та, которой хочется.
:?: Коллеги, есть ли у кого-нибудь из вас возможность подъехать (могу конечно и я к вам, но мне проще учиться на своей тестовой сети) и рассказать основы + настройка/администрирование. Хотя бы в кратце.
Естественно не за даром.

Мессадж можно сюда, в личное сообщение или в почту.

P.S. Курсы по бордеру пробиваю, но пока не светит :(
CNA 6 Certified;
Salesperson 2004
Аватара пользователя
Larico
 
Сообщения: 974
Зарегистрирован: 13 май 2003, 13:57
Откуда: Матрице все равно .....

Сообщение Lab » 08 апр 2004, 10:59

Larico
давай договоримся, после того как все к тебе приедут, ты приедешь к нам :)

Я хотел сказать, что общения в этом форуме (обсуждение часто "медленное") не хватает; я бы даже предложил встречаться раз в месяц на "семинары", возможно с пивом..
Lab
 
Сообщения: 196
Зарегистрирован: 08 дек 2003, 13:57
Откуда: Москва

Сообщение Мещеряков Андрей » 08 апр 2004, 11:26

Есть мысль купить книжку Beginner's Guide to BorderManager 3.x от Craig Johnson ..на англицком, ессно... А дальше - самиздат нам поможет :D , раз не хотят издатели.
Аватара пользователя
Мещеряков Андрей
 
Сообщения: 1999
Зарегистрирован: 19 сен 2002, 14:55
Откуда: lipetsk

Сообщение Larico » 08 апр 2004, 12:37

Мещеряков Андрей писал(а):Есть мысль купить книжку Beginner's Guide to BorderManager 3.x от Craig Johnson ..на англицком, ессно... А дальше - самиздат нам поможет :D , раз не хотят издатели.
А зачем её покупать? На диске с Border Managet 3.7 в папке с документацией этот труд лежит в PDF-е.
Я его даже распечатал - всего 150 страниц А4. Осталось только прочитать :wink:
CNA 6 Certified;
Salesperson 2004
Аватара пользователя
Larico
 
Сообщения: 974
Зарегистрирован: 13 май 2003, 13:57
Откуда: Матрице все равно .....

Сообщение Мещеряков Андрей » 08 апр 2004, 12:48

Larico писал(а):
Мещеряков Андрей писал(а):Есть мысль купить книжку Beginner's Guide to BorderManager 3.x от Craig Johnson ..на англицком, ессно... А дальше - самиздат нам поможет :D , раз не хотят издатели.
А зачем её покупать? На диске с Border Managet 3.7 в папке с документацией этот труд лежит в PDF-е.
Я его даже распечатал - всего 150 страниц А4. Осталось только прочитать :wink:

А вы ничего не путаете?
The Third Edition replaces the January 2003 Second Edition. This new version of the highly acclaimed book, at 1151 pages, is 417 pages longer than the Second Edition, and covers almost all aspects of understanding and configuring Novell BorderManager, versions 3.0, 3.5, 3.6, 3.7 and 3.8. The Third Edition covers significant changes made in BorderManager 3.8, while retaining the information needed to understand previous versions.


150 страниц (с двух сторон - 300) явно не равно 1151
Аватара пользователя
Мещеряков Андрей
 
Сообщения: 1999
Зарегистрирован: 19 сен 2002, 14:55
Откуда: lipetsk

Сообщение Larico » 08 апр 2004, 13:14

Мещеряков Андрей писал(а):А вы ничего не путаете?
150 страниц (с двух сторон - 300) явно не равно 1151

Нет ничего не путаю. Книжка на диске есть. Но так как 3.7 вышел в 2002 году, то и книжка лежит 2002 года. Содержание книжки вот такое:
CHAPTER 1 - OVERVIEW. 11
CHAPTER 2 - BASICS 15
CHAPTER 3 - INSTALLATION 30
CHAPTER 4 – UNDERSTANDING PACKET FILTERING 78
CHAPTER 5 – THE INITIAL CONFIGURATION. 81
CHAPTER 6 - HTTP PROXY. 105
CHAPTER 7 - ACCESS RULES 128
CHAPTER 8 – INSTALLING SURFCONTROL. 136

К тому же 150 страниц А4 - это 150 СТРАНИЦ А4 (с двух сторон = 75 листов). Соотношение с книжкой можно посчитать только зная формат книги и среднее заполнение листа в ней.
CNA 6 Certified;
Salesperson 2004
Аватара пользователя
Larico
 
Сообщения: 974
Зарегистрирован: 13 май 2003, 13:57
Откуда: Матрице все равно .....

Сообщение Alex-M » 08 апр 2004, 13:48

Larico
Вы не получили от меня вчера письмо? И личный мессадж? По поводу консультаций.

А семинары - эт хорошо!... :-)
Только где? И организация какая будет? Надо ведь что-то вроде повестки дня или тезисов тем... :roll:
И оповещать всех заинтересованных...
Вагончик тронется, НОВЕЛЛ - останется!!!
Alex-M
 
Сообщения: 298
Зарегистрирован: 21 авг 2002, 16:46
Откуда: Москва, МИД России

Сообщение Larico » 08 апр 2004, 14:16

Alex-M писал(а):Larico
Вы не получили от меня вчера письмо? И личный мессадж? По поводу консультаций.

А семинары - эт хорошо!... :-)
Только где? И организация какая будет? Надо ведь что-то вроде повестки дня или тезисов тем... :roll:
И оповещать всех заинтересованных...
1. Получил, и конечно ответил (в почту). Если не пришло сейчас повторю в ЛС.

2. То есть я так понимаю форум намеревается начать встречаться реально???
Вообще затея правильная. С реализацией только продумать нужно.
То есть так:
- приезжают люди
- достают ноуты с VmWare в которой установлены различные деревья
- и начинают обсуждать всё это... + обмениваться опытом :wink:

- а некоторые прамо с места коннектятся к своим родным сетям (по GPRS например) и показывают, что они там наворотили :D
CNA 6 Certified;
Salesperson 2004
Аватара пользователя
Larico
 
Сообщения: 974
Зарегистрирован: 13 май 2003, 13:57
Откуда: Матрице все равно .....

Сообщение alexp_mac » 08 апр 2004, 15:18

2. То есть я так понимаю форум намеревается начать встречаться реально???
Вообще затея правильная. С реализацией только продумать нужно.
То есть так:
- приезжают люди
- достают ноуты с VmWare в которой установлены различные деревья
- и начинают обсуждать всё это... + обмениваться опытом :wink:

- а некоторые прамо с места коннектятся к своим родным сетям (по GPRS например) и показывают, что они там наворотили.


Ну блин коммунизм какой-то. Т.е. так не бывает. Ничего не получится. Лучше просто пиво ;)
alexp_mac
 
Сообщения: 788
Зарегистрирован: 28 июн 2002, 10:50

Сообщение Мещеряков Андрей » 09 апр 2004, 08:18

Larico писал(а):Нет ничего не путаю. Книжка на диске есть. Но так как 3.7 вышел в 2002 году, то и книжка лежит 2002 года. Содержание книжки вот такое:
CHAPTER 1 - OVERVIEW. 11
CHAPTER 2 - BASICS 15
CHAPTER 3 - INSTALLATION 30
CHAPTER 4 – UNDERSTANDING PACKET FILTERING 78
CHAPTER 5 – THE INITIAL CONFIGURATION. 81
CHAPTER 6 - HTTP PROXY. 105
CHAPTER 7 - ACCESS RULES 128
CHAPTER 8 – INSTALLING SURFCONTROL. 136



Книжка, судя по оглавлению, урезана

[quote]
A Beginner’s Guide To
BorderManager 3.x
Understanding and Configuring Novell BorderManager,
versions 3.0, 3.5, 3.6, 3.7 and 3.8
Third Edition, Beta Version 1
November 13, 2003
Craig Johnson
Novell Support Connection Sysop
http://www.craigjconsulting.com/
Table of Contents November 13, 2003
A Beginner’s Guide to BorderManager 3.x - Copyright 2000-2003, Craig S. Johnson Page 2
Table of Contents
TABLE OF CONTENTS................................................................................................................. 2
WHAT’S NEW?........................................................................................................................... 17
New Content in this Version of the Book .................................................................................. 17
What Does a Beta Version of a Book Mean? ........................................................................... 20
PRINTING THIS BOOK ............................................................................................................... 21
ACKNOWLEDGEMENTS............................................................................................................ 22
ABOUT THE AUTHOR ................................................................................................................ 23
LICENSING ................................................................................................................................. 24
OFFICIAL DISCLAIMER.............................................................................................................. 25
CHAPTER 1 - OVERVIEW........................................................................................................... 27
What is BorderManager? .......................................................................................................... 27
Filtering................................................................................................................................. 27
Proxies.................................................................................................................................. 28
Gateways.............................................................................................................................. 28
VPN ...................................................................................................................................... 28
Differences Between BorderManager 3.8 and Previous Versions ........................................... 29
How This Book Is Organized .................................................................................................... 31
What this book covers ........................................................................................................... 32
What this book does not cover .............................................................................................. 32
CHAPTER 2 - BASICS ................................................................................................................ 33
Some Important Terminology.................................................................................................... 33
Prerequisite Knowledge ............................................................................................................ 34
TCP/IP Basics.......................................................................................................................... 35
Public & Private Networks..................................................................................................... 35
The Importance of the Default Route .................................................................................... 36
Domain Name Service (DNS) ............................................................................................... 38
Secondary IP Addresses....................................................................................................... 39
Proxy Versus Routing and NAT (How Proxies Work) ........................................................... 41
BorderManager Scenarios ........................................................................................................ 43
Scenario 1 - One Public IP Address...................................................................................... 43
Scenario 2 - A Cable Modem with DHCP Connection .......................................................... 45
Scenario 3 - Multiple Public IP Addresses ............................................................................ 48
Scenario 4 - BorderManager Used Only For HTTP Proxy.................................................... 50
Scenario 5 - A Single Firewall (3-NIC) DMZ Segment.......................................................... 51
Scenario 6 - A Classic Two-Firewall DMZ............................................................................. 53
Scenario 7 - A Simple Site-to-Site VPN ................................................................................ 54
Scenario 8 - A Simple Client-to-Site VPN ............................................................................. 55
Scenario 9 - Complex Multiple BorderManager Server Environments ................................. 56
Scenario 9A – The Original Network ................................................................................. 57
Scenario 9B – The More Current Network ........................................................................ 60
Some Rules of Thumb and Words of Wisdom.......................................................................... 64
CHAPTER 3 - INSTALLATION.................................................................................................... 67
Server Hardware Suggestions.................................................................................................. 67
NetWare Server Installation Tips .............................................................................................. 68
Using Caldera DRDOS and NetWare – MultiBoot Menu ...................................................... 68
Table of Contents November 13, 2003
A Beginner’s Guide to BorderManager 3.x - Copyright 2000-2003, Craig S. Johnson Page 3
Using MSDOS 6.22 and NetWare 5.1................................................................................... 71
Don’t Let The NetWare Installation Create the Volumes Automatically................................ 72
Install BorderManager from the Root of the CD.................................................................... 73
Get the Server on the Internet Before Configuring BorderManager ..................................... 73
Setting the Default Route and DNS Servers ......................................................................... 75
BorderManager Server Configuration Suggestions.................................................................. 80
NDS Design Considerations ..................................................................................................... 82
Background Information ........................................................................................................ 82
Version-Specific NDS Considerations................................................................................... 82
How to Install BorderManager Remotely .................................................................................. 83
Requirements ........................................................................................................................ 84
Example Scenario ................................................................................................................. 85
STARTX.NCF .................................................................................................................... 85
REMX.NCF........................................................................................................................ 85
DX.NCF............................................................................................................................. 85
Procedure .............................................................................................................................. 86
Recommended Patches and Installation Sequence................................................................. 87
Installing BorderManager 3.8 ................................................................................................ 87
on NetWare 6.5.................................................................................................................. 87
on NetWare 6.0.................................................................................................................. 89
on NetWare 5.1.................................................................................................................. 90
Installing BorderManager 3.7 ................................................................................................ 91
On NetWare 6.0................................................................................................................. 91
On NetWare 5.1................................................................................................................. 92
Installing BorderManager 3.6 ................................................................................................ 94
On NetWare 6.0................................................................................................................. 94
On NetWare 5.1................................................................................................................. 95
On NetWare 5.0................................................................................................................. 96
On NetWare 4.11/4.2......................................................................................................... 97
Installing BorderManager 3.5 ................................................................................................ 99
On NetWare 5.1................................................................................................................. 99
On NetWare 5.0............................................................................................................... 101
On NetWare 4.11............................................................................................................. 103
Installing BorderManager 3.0 .............................................................................................. 105
On NetWare 5.0............................................................................................................... 105
On NetWare 4.11 / 4.20................................................................................................... 105
Upgrade Considerations...................................................................................................... 107
Example Installation of BorderManager 3.8 on NetWare 6.0.............................................. 109
If You Are Upgrading BorderManager ............................................................................. 133
NetWare 6.5 – Automatic Cache Volume Selection / Creation ....................................... 134
Example Installation of BorderManager 3.7 on NetWare 6.0.............................................. 137
If You Are Upgrading BorderManager ............................................................................. 145
Fresh Install of BorderManager 3.7 ................................................................................. 146
Installation, Continued (Fresh Install or Upgrade Situation)............................................ 151
Post-Installation Procedures for BorderManager 3.7 or 3.8................................................ 154
Installing BorderManager 3.7 or 3.8 Licenses with iManager ......................................... 154
The FILTSRV MIGRATE Procedure....................................................................................... 159
Starting BorderManager.......................................................................................................... 160
BorderManager 3.0 / NetWare 4.x ...................................................................................... 160
BorderManager 3.7/3.8 / NetWare 5.x/6.x .......................................................................... 162
General Installation Notes....................................................................................................... 164
Working Around Licensing Startup Delays.......................................................................... 164
BorderManager 3.0, 3.5 and 3.6...................................................................................... 164
BorderManager 3.7 and 3.8............................................................................................. 165
NDS –601 Error Messages At Startup ................................................................................ 165
Loading and Unloading BorderManager Manually.............................................................. 166
Table of Contents November 13, 2003
A Beginner’s Guide to BorderManager 3.x - Copyright 2000-2003, Craig S. Johnson Page 4
BMOFF.NCF (BorderManager 3.6 or Earlier).................................................................. 167
BMON.NCF (BorderManager 3.6 or Earlier) ................................................................... 167
BMON.NCF (BorderManager 3.6 or Earlier) ................................................................... 168
BorderManager Licenses........................................................................................................ 169
What Are NLS Licenses? .................................................................................................... 169
NLS Issues .......................................................................................................................... 170
MLA Licenses...................................................................................................................... 171
Changing Out A BorderManager Server................................................................................. 173
Concerns ............................................................................................................................. 173
Concept ............................................................................................................................... 173
Procedure 1 – Primary IP Addresses Used ........................................................................ 173
Procedure 2 – Secondary IP Addresses Used.................................................................... 175
Critical BorderManager-Related Files..................................................................................... 178
Configuration Tools ............................................................................................................. 178
INETCFG.NLM ................................................................................................................ 178
NIASCFG.NLM ................................................................................................................ 178
VPNCFG.NLM ................................................................................................................. 178
BRDCFG.NLM................................................................................................................. 178
FILTCFG.NLM ................................................................................................................. 178
INSTALL.NLM.................................................................................................................. 178
NWCONFIG.NLM ............................................................................................................ 178
SYS:\PUBLIC\WIN32\NWADMN32.EXE......................................................................... 179
SYS:\PUBLIC\MGMT\CONSOLEONE\1.2\BIN\CONSOLEONE.EXE ............................ 179
iManager 2.0.................................................................................................................... 179
IManager 1.5.................................................................................................................... 179
CRON.NLM...................................................................................................................... 180
Novell Remote Manager (NRM) ...................................................................................... 180
Data Files ............................................................................................................................ 180
SYS:\ETC\HOSTS........................................................................................................... 180
SYS:\ETC\GATEWAYS................................................................................................... 180
SYS:\ETC\RESOLV.CFG ................................................................................................ 180
SYS:\ETC\TCPIP.CFG .................................................................................................... 180
SYS:\ETC\NETINFO.CFG............................................................................................... 181
SYS:\ETC\FILTERS.CFG................................................................................................ 181
SYS:\ETC\CRONTAB...................................................................................................... 181
SYS:\ETC\PROXY\PROXY.CFG .................................................................................... 181
Startup Files ........................................................................................................................ 181
C:\CONFIG.SYS.............................................................................................................. 181
C:\AUTOEXEC.BAT ........................................................................................................ 182
C:\NWSERVER\STARTUP.NCF ..................................................................................... 182
SYS:\SYSTEM\AUTOEXEC.NCF ................................................................................... 182
Troubleshooting Tools......................................................................................................... 182
TCPCON.NLM................................................................................................................. 182
CALLMGR.NLM............................................................................................................... 182
PPPTRACE.NLM............................................................................................................. 182
Keeping BorderManager Up-to-date....................................................................................... 183
Patches............................................................................................................................... 183
PROXY.CFG Settings ......................................................................................................... 183
The BorderManager 3.5 Enhancement Pack...................................................................... 184
Tips For Getting NWADMN32 To Work With BorderManager Server.................................... 185
Rename the ACNWAUTH.DLL Snapin ............................................................................... 185
Get The Latest Version of NWADMN32.............................................................................. 185
Fix Invalid BorderManager Snapin Modules Errors ............................................................ 185
Fix “No BorderManager Licenses Available” Messages ..................................................... 185
What snapins should I have? .............................................................................................. 186
BorderManager 3.8 / NetWare 6.0 .................................................................................. 186
Table of Contents November 13, 2003
A Beginner’s Guide to BorderManager 3.x - Copyright 2000-2003, Craig S. Johnson Page 5
BorderManager 3.7 / NetWare 6.0 .................................................................................. 187
BorderManager 3.6 / NetWare 5.1 .................................................................................. 188
BorderManager 3.5 / NetWare 5.0 .................................................................................. 189
BorderManager 3.0 / NetWare 4.11 ................................................................................ 190
CHAPTER 4 – UNDERSTANDING PACKET FILTERING ....................................................... 191
Default Packet Filters.............................................................................................................. 192
The BorderManager 3.x Default Packet Filters................................................................... 192
Outgoing RIP Filters: ....................................................................................................... 192
Incoming RIP Filters ........................................................................................................ 193
Outgoing EGP Filters:...................................................................................................... 193
Incoming EGP Filters....................................................................................................... 193
OSPF External Route Filters ........................................................................................... 193
Packet Forwarding Filters ................................................................................................ 193
Packet Filter Exceptions ......................................................................................................... 194
What are the Default Packet Filter Exceptions?.................................................................. 194
BorderManager 3.0, 3.5 and 3.6...................................................................................... 194
BorderManager 3.7.......................................................................................................... 196
BorderManager 3.8.......................................................................................................... 198
Using iManager to View Filtering Information ......................................................................... 201
CHAPTER 5 – THE INITIAL CONFIGURATION....................................................................... 205
BorderManager Setup Main Menu.......................................................................................... 207
BorderManager IP Address Configuration.............................................................................. 209
Secondary IP addresses used on BORDER1..................................................................... 211
Authentication Context (Proxy Authentication) ....................................................................... 212
Concept ............................................................................................................................... 212
Configuration ....................................................................................................................... 212
Proxy Authentication Settings ............................................................................................. 213
40-bit, 56-bit and 128-bit Encryption ................................................................................... 218
Using Proxy Authentication on the Client with CLNTRUST................................................ 220
CLNTRUST Problem Work-Around................................................................................. 221
Configuring SSL Proxy Authentication ................................................................................ 223
Creating a Security Container.......................................................................................... 224
Creating a Certificate Authority, pre-NetWare 5.1........................................................... 225
Creating a Certificate Authority, with NetWare 5.1 or 6.x................................................ 227
Creating a Key Material Object for BorderManager with NWADMN32........................... 228
Assigning the Key Material Object for SSL Proxy Authentication ................................... 237
Using SSL Proxy Authentication...................................................................................... 238
Test Conditions................................................................................................................ 239
The SSL Proxy Authentication Login Screen (HTML) ..................................................... 240
BorderManager 3.8 SSL Proxy Authentication Login Screen (HTML) ............................ 242
Cookie-based Proxy Authentication .................................................................................... 244
Proxy Authentication For Citrix and Terminal Servers ........................................................ 245
Concept........................................................................................................................... 245
Pros................................................................................................................................. 245
Cons................................................................................................................................ 245
Configuring Terminal Server Authentication.................................................................... 246
PROXY.CFG Configuration ............................................................................................. 246
DNS Parameters..................................................................................................................... 249
Transport................................................................................................................................ 251
CHAPTER 6 - HTTP PROXY..................................................................................................... 253
Concepts ................................................................................................................................ 253
Pros........................................................................................................................................ 253
Cons....................................................................................................................................... 254
How BorderManager HTTP Proxy Works With DNS.............................................................. 255
Table of Contents November 13, 2003
A Beginner’s Guide to BorderManager 3.x - Copyright 2000-2003, Craig S. Johnson Page 6
How Browsers Are Configured For HTTP Proxy .................................................................... 259
Internet Explorer.................................................................................................................. 260
Mozilla 1.5 ........................................................................................................................... 262
Opera 7............................................................................................................................... 264
Netscape 4.7 ....................................................................................................................... 265
HTTP Proxy Details ................................................................................................................ 267
HTTP .................................................................................................................................. 267
Cache Hierarchy Server ...................................................................................................... 269
Cache Hierarchy Client ....................................................................................................... 270
No Cache Hierarchy ........................................................................................................ 270
Cache Hierarchy Client Set ............................................................................................. 270
Cache Hierarchy Client Set ............................................................................................. 271
Cache Hierarchy Routing .................................................................................................... 272
No Cache Hierarchy ........................................................................................................ 272
Cache Hierarchy Configured ........................................................................................... 273
Logging............................................................................................................................... 274
Common Logging ............................................................................................................ 274
Extended Logging............................................................................................................ 276
Indexed Logging .............................................................................................................. 277
HTTP Proxy Caching .............................................................................................................. 279
Cache Aging........................................................................................................................ 279
Cache Control ..................................................................................................................... 280
Cache Location ................................................................................................................... 282
Cachable Object Control ..................................................................................................... 285
Entering a Non-Cacheable URL Pattern ......................................................................... 286
Clearing the Proxy Cache................................................................................................ 287
Scheduled Downloads......................................................................................................... 288
Entering a URL to download on a schedule .................................................................... 289
Set Download Frequency ................................................................................................ 290
HTTP Proxy - SOCKS Client .................................................................................................. 291
Concept ............................................................................................................................... 291
Pros .................................................................................................................................... 291
Cons ................................................................................................................................... 291
Setting Up a Cache Hierarchy ................................................................................................ 294
Concept ............................................................................................................................... 294
CERN Configuration, BorderManager Server as a Client................................................... 295
ICP Cache Hierarchy........................................................................................................... 297
Cache Hierarchy Routing Exceptions ................................................................................. 298
CHAPTER 7 - TRANSPARENT PROXY................................................................................... 301
Transparent Proxy (HTTP)...................................................................................................... 301
Concept ............................................................................................................................... 301
Pros................................................................................................................................. 301
Cons................................................................................................................................ 301
Configuring Transparent Proxy ........................................................................................... 303
BorderManager 3.0 Transparent Proxy configuration menu ........................................... 303
BorderManager 3.5 and Later Transparent Proxy configuration menu........................... 304
Transparent TELNET Proxy.................................................................................................... 307
Concept ............................................................................................................................... 307
Configuring Transparent TELNET Proxy ............................................................................ 308
User Authentication ............................................................................................................. 310
Transparent TELNET Proxy Usage .................................................................................... 311
Example 1 – No User-based Authentication Required.................................................... 311
Example 2 – NDS-Based User Authentication ................................................................ 312
CHAPTER 8 - FTP PROXY........................................................................................................ 315
Concept.................................................................................................................................. 315
Table of Contents November 13, 2003
A Beginner’s Guide to BorderManager 3.x - Copyright 2000-2003, Craig S. Johnson Page 7
Pros........................................................................................................................................ 315
Cons....................................................................................................................................... 315
Alternative For ACTIVE (PORT) FTP ..................................................................................... 315
Configuring FTP Proxy............................................................................................................ 316
User Authentication ............................................................................................................. 316
Clear Text User/Password............................................................................................... 316
Single Sign On................................................................................................................. 316
FTP Proxy Usage.................................................................................................................... 317
Example 1 – No User-based Authentication Required, DOS FTP Client ........................... 317
Example 2 – User-based Authentication Required, DOS FTP Client ................................. 319
Example 3 – User-based Authentication Required, CuteFTP Client .................................. 324
Example 4 – User-based Authentication Required, WS_FTP Client .................................. 326
All Examples, FTP Proxy Statistics Screen......................................................................... 327
CHAPTER 9 - MAIL PROXY...................................................................................................... 329
Concept.................................................................................................................................. 329
Pros........................................................................................................................................ 329
Cons....................................................................................................................................... 329
An Alternative......................................................................................................................... 330
A GWIA Alternative ................................................................................................................. 330
Configuring Mail Proxy............................................................................................................ 331
No Internal Mail Server, Mail Through Proxy ...................................................................... 331
Internal Mail Server, All Mail Through Proxy....................................................................... 333
PROXY.CFG Settings for Mail Proxy .................................................................................. 336
BorderManager 3.5 through 3.7 ...................................................................................... 336
BorderManager 3.8, With Multiple Domain Support........................................................ 336
GWIA Example Settings...................................................................................................... 338
Access Rules to Allow POP3 Through Mail Proxy.............................................................. 339
Inbound POP3 to Internal Mail Server............................................................................. 339
Outbound POP3 to External Mail Server......................................................................... 340
Access Rule To Allow SMTP Through Mail Proxy .............................................................. 341
Access Rules to Control Use of Mail Proxy......................................................................... 342
Internal Mail Server.......................................................................................................... 342
No Internal Mail Server .................................................................................................... 342
Access Rule Examples.................................................................................................... 343
Filter Exceptions Required for Mail Proxy with Internal Mail Server ................................... 346
Filter Exceptions Required for Mail Proxy with Internal Mail Server ................................... 346
SMTP Filter Exceptions ................................................................................................... 346
POP3 Filter Exceptions.................................................................................................... 348
CHAPTER 10 - NEWS PROXY.................................................................................................. 351
Concept.................................................................................................................................. 351
Pros........................................................................................................................................ 351
Cons....................................................................................................................................... 351
Using News Proxy With An External NNTP Server ................................................................ 352
Access Rules Blocking Posting ....................................................................................... 354
Access Rules Blocking Reading...................................................................................... 355
CHAPTER 11 - REAL AUDIO PROXY...................................................................................... 357
Concept.................................................................................................................................. 357
Pros........................................................................................................................................ 357
Cons....................................................................................................................................... 357
BorderManager 3.0 Settings ................................................................................................... 358
BorderManager 3.5 & Later Settings ...................................................................................... 359
BorderManager 3.0 RealAudio Proxy Access Rule................................................................ 360
BorderManager 3.5 & Later RealAudio and RTSP Access Rule............................................ 361
RealOne (Free) Player Configuration ..................................................................................... 362
Table of Contents November 13, 2003
A Beginner’s Guide to BorderManager 3.x - Copyright 2000-2003, Craig S. Johnson Page 8
RealPlayer G2 Configuration .................................................................................................. 366
CHAPTER 12 - DNS PROXY..................................................................................................... 367
Concept.................................................................................................................................. 367
Pros........................................................................................................................................ 367
Cons....................................................................................................................................... 367
An Alternative......................................................................................................................... 367
Configuring DNS Proxy........................................................................................................... 369
CHAPTER 13 - GENERIC TCP PROXY.................................................................................... 371
Concept.................................................................................................................................. 371
Pros........................................................................................................................................ 371
Cons....................................................................................................................................... 371
Configuring Generic TCP Proxy.............................................................................................. 373
Example for Novell Remote Manager..................................................................................... 375
Generic Proxy Configuration for Novell Remote Manager.................................................. 375
Access Rule Configuration for Novell Remote Manager..................................................... 377
Example for iManager............................................................................................................. 378
Generic Proxy Configuration for iManager.......................................................................... 378
Access Rule Configuration for iManager............................................................................. 379
Example for NetWare Web Manager...................................................................................... 380
Generic Proxy Configuration for Web Manager .................................................................. 381
Filter Exceptions for Web Manager..................................................................................... 382
Browser Configuration for Web Manager............................................................................ 384
Access Rule Configuration for Web Manager..................................................................... 385
Example For NNTP with Port Translation............................................................................... 386
Generic Proxy Configuration for NNTP............................................................................... 387
Access Rule Configuration for NNTP.................................................................................. 388
Outlook Express Configuration............................................................................................ 389
Agent /Free Agent Configuration......................................................................................... 397
Example Generic TCP Proxy for Inbound pcANYWHERE..................................................... 398
Generic Proxy Configuration for pcANYWHERE................................................................ 399
CHAPTER 14 - GENERIC UDP PROXY ................................................................................... 401
Concept.................................................................................................................................. 401
Pros........................................................................................................................................ 401
Cons....................................................................................................................................... 401
Generic UDP Proxy - Time Server Proxies............................................................................. 403
Configuring A Generic UDP Proxy for NTP......................................................................... 404
Configuring a Generic UDP Proxy for RDATE.................................................................... 405
Example Generic UDP Proxy for Inbound pcANYWHERE .................................................... 406
CHAPTER 15 – ACCELERATION (REVERSE PROXY) .......................................................... 409
Concept.................................................................................................................................. 409
Pros........................................................................................................................................ 409
Cons....................................................................................................................................... 410
Using The Primary Public IP Address..................................................................................... 410
Configuring Reverse Proxy Acceleration ............................................................................ 411
Using a Secondary Public IP Address ................................................................................ 414
Filter Exceptions Needed for Reverse Proxy Acceleration.............................................. 414
Access Rule Required for Reverse Proxy Acceleration .................................................. 418
FTP Acceleration .................................................................................................................... 419
Concept ............................................................................................................................... 419
Pros .................................................................................................................................... 419
Cons ................................................................................................................................... 419
Configuration ....................................................................................................................... 419
CHAPTER 16 – THE GATEWAYS............................................................................................ 423
Table of Contents November 13, 2003
A Beginner’s Guide to BorderManager 3.x - Copyright 2000-2003, Craig S. Johnson Page 9
IPX/IP Gateway....................................................................................................................... 423
Concept ............................................................................................................................... 423
Pros .................................................................................................................................... 424
Cons ................................................................................................................................... 424
History of IPX/IP Gateway................................................................................................... 424
IntranetWare IPX/IP Gateway.......................................................................................... 424
BorderManager 2.1 IPX/IP Gateway ............................................................................... 425
BorderManager 3.x IPX/IP Gateway ............................................................................... 426
Client Settings For IP Gateway............................................................................................... 429
Use Proxy, No Authentication, No Rules, No Logging........................................................ 429
Use Proxy, Authentication, Access Rules and Logging ...................................................... 429
Use IP gateway, No Proxy, Access Rules and Logging ..................................................... 430
Installing IP Gateway Service on the PC ................................................................................ 431
IP/IP Gateway ......................................................................................................................... 434
Concept ............................................................................................................................... 434
Pros .................................................................................................................................... 434
Cons ................................................................................................................................... 434
Access Rules, Proxies and the IP/IP Gateway ................................................................... 435
IP/IP Gateway With Access Rules And Without Proxy.................................................... 435
IP/IP Gateway Without Access Rules And With Proxy.................................................... 435
IP/IP Gateway With Proxy and With Access Rules ......................................................... 435
Configuring IP/IP Gateway.................................................................................................. 436
SOCKS Gateway .................................................................................................................... 438
Concept ............................................................................................................................... 438
Pros .................................................................................................................................... 438
Cons ................................................................................................................................... 438
CHAPTER 17 – LEGACY SITE-TO-SITE VPN ......................................................................... 441
Introduction to BorderManager Legacy VPN.......................................................................... 441
Concept.................................................................................................................................. 441
Filter Exceptions Required...................................................................................................... 441
Setting Up the Master VPN Server ......................................................................................... 443
Configuration Tasks at the Server Console ........................................................................ 443
VPN IP and IPX Addressing Design Considerations .......................................................... 446
Setting Up The Master VPN Server, Continued.................................................................. 449
Configuring the VPN Master Server in NWADMN32 .......................................................... 461
Adding a Site-to-Site Slave VPN Server – Server Console Procedures ................................ 468
Adding a VPN Slave Server – NWADMN32 Procedures ....................................................... 482
CHAPTER 18 – LEGACY CLIENT-TO-SITE VPN .................................................................... 491
Concept.................................................................................................................................. 491
Setting Up VPN Servers ......................................................................................................... 492
BorderManager Client-to-Site VPN Access Rules .............................................................. 498
Configuring a Client-to-Site VPN Client PC ............................................................................ 505
VPN Client Connection Process – A Case Study ............................................................... 506
Step 1 – Try LAN VPN Client Connection to BORDER1................................................. 507
Step 2 – Repeat Test With Valid IP Address................................................................... 510
Step 3 – Install/Reinstall VPN Client Software ................................................................ 514
Step 4 – Try LAN VPN Client Connection to BORDER2................................................. 517
Step 5 – Create a Login Policy Object............................................................................. 520
Step 6 – Add Rule for VPN Authentication ...................................................................... 523
Step 7 – Try LAN VPN Client Connection to BORDER2 Again ...................................... 528
Client-to-Site VPN Using Pure IP Login.................................................................................. 530
Routing Issues..................................................................................................................... 530
Missing Default Route on Internal Hosts and Routers .................................................... 530
Incorrect Default Route on Internal Hosts and Routers................................................... 531
Missing Encrypted Network on VPN Server.................................................................... 531
Table of Contents November 13, 2003
A Beginner’s Guide to BorderManager 3.x - Copyright 2000-2003, Craig S. Johnson Page 10
Issues with Client-to-Site over Site-to-Site Links ................................................................ 532
Issue with BorderManager 3.5 and 3.6 with Client-to-Site VPN and Dynamic NAT ....... 533
Name Resolution (Service Location) Issues ....................................................................... 533
Making Use of SLP .......................................................................................................... 533
Using NWHOST Instead Of (Or In Addition To) SLP (Win9x Only) ................................ 534
Using the HOSTS File (All Windows Platforms) .............................................................. 535
The Importance of Client32 Protocol Preferences .......................................................... 536
The Bottom Line .................................................................................................................. 538
Client-to-Site VPN Over NAT .............................................................................................. 540
Disconnecting a Client-to-Site Connection.......................................................................... 540
CHAPTER 19 – BORDERMANAGER 3.8 SITE-TO-SITE VPN................................................ 541
Theory.................................................................................................................................... 541
Overview ................................................................................................................................ 542
Upgrade Considerations ......................................................................................................... 543
Network Diagram .................................................................................................................... 545
Prerequisites ........................................................................................................................... 546
Site-to-Site VPN...................................................................................................................... 547
Understanding Certificates and VPN .................................................................................. 547
Custom Server Certificates.............................................................................................. 547
User Certificates (for Client-to-Site VPN) ........................................................................ 548
Trusted Root Containers.................................................................................................. 548
Site-to-Site VPN - Summary of Major Steps ....................................................................... 548
Configure JACK as a VPN Server....................................................................................... 550
Configure JACK as the Master Site-to-Site VPN Server..................................................... 561
VPN Server Configuration ............................................................................................... 561
Configure Site-to-Site VPN Service................................................................................. 563
Configure MOE as a VPN Server........................................................................................ 574
Configure MOE as a Site-to-Site VPN Slave Server........................................................... 582
Prerequisites................................................................................................................... 582
Configuring MOE ............................................................................................................. 583
Adding MOE as a VPN Slave Server to the VPN................................................................ 592
Configuring Site-to-Site VPN Parameters ........................................................................... 604
General Parameters ........................................................................................................ 605
Traffic Rules..................................................................................................................... 606
3rd Party Traffic Rules ...................................................................................................... 607
Configure MANNY as a VPN Server Behind NAT .............................................................. 608
Configuration Steps Performed ....................................................................................... 608
Linksys Router Configuration (NAT Configuration) ......................................................... 609
VPN Certificate Details .................................................................................................... 613
Trusted Root Object in Slave Server NDS Tree.............................................................. 616
Trusted Root Object in Master Server NDS Tree............................................................ 617
Slave Server MANNY VPN Configuration ....................................................................... 618
Configuration of Slave Server MANNY on Master VPN Server ...................................... 619
Manually Creating A Trusted Root Object (TRO), Using ConsoleOne ............................... 622
Exporting JACK’s VPN Certificate to a .DER File using ConsoleOne............................. 623
Create MOE’s Trusted Root Object from a .DER File Using ConsoleOne...................... 629
Manually Creating A Trusted Root Object (TRO), Using iManager .................................... 634
Exporting MOE’s VPN Certificate to a .DER File using iManager................................... 635
Create JACK’s Trusted Root Object from a .DER File Using iManager.......................... 647
Manually Creating a Trusted Root Container (TRC)........................................................... 656
Using iManager 2.0.......................................................................................................... 656
Using ConsoleOne........................................................................................................... 659
Manually Creating a VPN Server Certificate ....................................................................... 662
Using iManager................................................................................................................ 662
Using ConsoleOne........................................................................................................... 678
Table of Contents November 13, 2003
A Beginner’s Guide to BorderManager 3.x - Copyright 2000-2003, Craig S. Johnson Page 11
CHAPTER 20 - BORDERMANAGER 3.8 CLIENT-TO-SITE VPN............................................ 691
Quick Summary ...................................................................................................................... 691
Limitations ............................................................................................................................... 692
NDS Context........................................................................................................................ 692
Traffic Rule Limitations........................................................................................................ 692
Authentication Rule Limitations........................................................................................... 692
LDAP Configuration............................................................................................................. 693
Configure A Server for Client-to-Site VPN.............................................................................. 694
Configure General Parameters ........................................................................................... 694
Configure Traffic Rules........................................................................................................ 701
Traffic Rules – Allow Admin User to All ........................................................................... 705
Traffic Rules - Allow VPN Users to All Hosts Except 10.1.1.50 ...................................... 711
Deny All Access to 10.1.1.50 Rule .................................................................................. 712
Traffic Rule - Allow VPN Users Group to All Hosts ......................................................... 716
Traffic Rule - Allow All Users in NDS Tree Access to 10.1.1.100 ................................... 719
Traffic Rule – Allow All Users to iFolder Server, Unencrypted........................................ 723
Configure Client-to-Site Authentication Rules..................................................................... 728
LDAP Configuration............................................................................................................. 734
DNS/SLP Configuration....................................................................................................... 735
Assign the Client-to-Site VPN Service to VPN Server JACK ................................................. 741
Novell VPN Client Installation And Configuration ................................................................... 747
Installing the Novell VPN Client........................................................................................... 747
Using BorderManager 3.8 VPN Client – Backwards Compatibility Mode .............................. 753
Using BorderManager 3.8 VPN Client – NMAS Authentication Mode.....................
Аватара пользователя
Мещеряков Андрей
 
Сообщения: 1999
Зарегистрирован: 19 сен 2002, 14:55
Откуда: lipetsk

Сообщение Сергей Каретин » 09 апр 2004, 08:22

Само собой урезана, это у нее даже в названии отражено:

"A Beginner’s Guide To BorderManager 3.x, Lite Version"
Сергей Каретин
 
Сообщения: 201
Зарегистрирован: 05 июн 2002, 08:21
Откуда: Ярославль

Сообщение Larico » 09 апр 2004, 11:22

Сергей Каретин писал(а):Само собой урезана, это у нее даже в названии отражено:"A Beginner’s Guide To BorderManager 3.x, Lite Version"
Точно! Лайт версия, зато бесплатно!
На диске с 3.8 книжка чуть больше = 187 стр. (October 10, 2003).
CNA 6 Certified;
Salesperson 2004
Аватара пользователя
Larico
 
Сообщения: 974
Зарегистрирован: 13 май 2003, 13:57
Откуда: Матрице все равно .....

Сообщение Иван [iva] » 09 апр 2004, 12:17

А полный вариант есть у человека, или где его можно вязть? Купить через бугор у меня возможности нет.
Аватара пользователя
Иван [iva]
 
Сообщения: 64
Зарегистрирован: 11 дек 2002, 18:33
Откуда: Russia, Moscow

Сообщение Мещеряков Андрей » 09 апр 2004, 12:50

Я думаю, будет :)
Аватара пользователя
Мещеряков Андрей
 
Сообщения: 1999
Зарегистрирован: 19 сен 2002, 14:55
Откуда: lipetsk


Вернуться в Novell

Кто сейчас на конференции

Сейчас этот форум просматривают: нет зарегистрированных пользователей и гости: 66

cron