We have BM 3.8 sp5 running on NW 6.5 sp6 and was having an LDAP problem
between our two servers a few months back. Finally opened up a support
request with Novell and they removed directory services from the BM
server, they then pulled the directory info from our other server. I
didn't realize until later that my filters are gone from our BM server.
I first ran filt migrate, like I did when I upgraded to 3.8 a year or so
back, but that didn't seem to work. I have a print out of the filters,
and was going to put them back in manually after running bdrcfg. When
running bdrcfg I had a message that all filters could not be created and
that my server was still not secure(or something to that effect). Not
knowing what to do next, I re-applied BM sp5 but could not see that it
changed anything. Do I need to remove BM, then re-install?

Thanks,
Rob


--
robkoon81
------------------------------------------------------------------------
robkoon81's Profile: http://forums.novell.com/member.php?userid=13696
View this thread: http://forums.novell.com/showthread.php?t=344316

In article <robkoon81.3fzy00@no-mx.forums.novell.com>, Robkoon81 wrote:
> Not
> knowing what to do next, I re-applied BM sp5 but could not see that it
> changed anything. Do I need to remove BM, then re-install?
>
You're not in bad shape, though it would have been good to have a backup
of the ETC directory from before the removal of eDir.

BRDCFG will create default filters and exceptions. If it sees other
exceptions already present, it will give you a warning that there might
be security issues - it doesn't know what is there and what is not
there.

If you have a printout of the filters, you can use FILTCFG to put them
back in manually.

If you have a backup of the ETC directory, there is a good chance you
can restore the old filters using a FILTSRV MIGRATE procedure. There
are a number of variables in your situation that can make things a bit
messy at this point (you might be interested in my BMgr Filtering book
at this point - see the URL below), but bottom line is that you don't
have to reinstall, and worse case should be able to just do a lot of
typing in FILTCFG to get the filter exceptions back.

You do have to be careful that filtering itself is actually working, and
that you don't have a lack of filtering - see tip #13 at the URL below.

Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com ***

phxazcraig;1643539 Wrote:
> In article <robkoon81.3fzy00@no-mx.forums.novell.com>, Robkoon81 wrote:
> > Not
> > knowing what to do next, I re-applied BM sp5 but could not see that
> it
> > changed anything. Do I need to remove BM, then re-install?
> >
> You're not in bad shape, though it would have been good to have a
> backup
> of the ETC directory from before the removal of eDir.
>
> BRDCFG will create default filters and exceptions. If it sees other
> exceptions already present, it will give you a warning that there
> might
> be security issues - it doesn't know what is there and what is not
> there.
>
> If you have a printout of the filters, you can use FILTCFG to put them
> back in manually.
>
> If you have a backup of the ETC directory, there is a good chance you
> can restore the old filters using a FILTSRV MIGRATE procedure. There
> are a number of variables in your situation that can make things a bit
> messy at this point (you might be interested in my BMgr Filtering book
> at this point - see the URL below), but bottom line is that you don't
> have to reinstall, and worse case should be able to just do a lot of
> typing in FILTCFG to get the filter exceptions back.
>
> You do have to be careful that filtering itself is actually working,
> and
> that you don't have a lack of filtering - see tip #13 at the URL
> below.
>
> Craig Johnson
> Novell Support Connection SysOp
> *** For a current patch list, tips, handy files and books on
> BorderManager, go to 'Craig Johnson Consulting - BorderManager,
> NetWare, and More' (http://www.craigjconsulting.com) ***

I think I can find a backup of the etc directory. From reading your tip
#13 I assume that the file filters.cfg is the file I need to restore
from the etc directory?
As far as if filtering itself is working, if I look at the packets
denied list, all I see is: <End of List>


--
robkoon81
------------------------------------------------------------------------
robkoon81's Profile: http://forums.novell.com/member.php?userid=13696
View this thread: http://forums.novell.com/showthread.php?t=344316

phxazcraig;1643539 Wrote:
> In article <robkoon81.3fzy00@no-mx.forums.novell.com>, Robkoon81 wrote:
> > Not
> > knowing what to do next, I re-applied BM sp5 but could not see that
> it
> > changed anything. Do I need to remove BM, then re-install?
> >
> You're not in bad shape, though it would have been good to have a
> backup
> of the ETC directory from before the removal of eDir.
>
> BRDCFG will create default filters and exceptions. If it sees other
> exceptions already present, it will give you a warning that there
> might
> be security issues - it doesn't know what is there and what is not
> there.
>
> If you have a printout of the filters, you can use FILTCFG to put them
> back in manually.
>
> If you have a backup of the ETC directory, there is a good chance you
> can restore the old filters using a FILTSRV MIGRATE procedure. There
> are a number of variables in your situation that can make things a bit
> messy at this point (you might be interested in my BMgr Filtering book
> at this point - see the URL below), but bottom line is that you don't
> have to reinstall, and worse case should be able to just do a lot of
> typing in FILTCFG to get the filter exceptions back.
>
> You do have to be careful that filtering itself is actually working,
> and
> that you don't have a lack of filtering - see tip #13 at the URL
> below.
>
> Craig Johnson
> Novell Support Connection SysOp
> *** For a current patch list, tips, handy files and books on
> BorderManager, go to 'Craig Johnson Consulting - BorderManager,
> NetWare, and More' (http://www.craigjconsulting.com) ***




I think I can find a backup of the etc directory. From reading your tip
#13 I assume that the file filters.cfg is the file I need to restore
from the etc directory?
As far as if filtering itself is working, if I look at the packets
denied list, all I see is: <End of List>

Thanks,
Rob


--
robkoon81
------------------------------------------------------------------------
robkoon81's Profile: http://forums.novell.com/member.php?userid=13696
View this thread: http://forums.novell.com/showthread.php?t=344316

In article <robkoon81.3g8utz@no-mx.forums.novell.com>, Robkoon81 wrote:
> I think I can find a backup of the etc directory. From reading your tip
> #13 I assume that the file filters.cfg is the file I need to restore
> from the etc directory?
> As far as if filtering itself is working, if I look at the packets
> denied list, all I see is: <End of List>
>
Filters.cfg is the file you want, but it's not as simple as copying it
back to the etc directory. Since BM 3.7, the default is to have BMgr
read filters from NDS, though it will also write them out to filters.cfg
as well. To get filters back into NDS, you need to do a filtsrv migrate
process - not hard, but you have to understand how things work to get the
sequence of events right. I have an explanation of all this in my Bmgr
filtering book.

If you see nothing in the Filters list, you are not doing any packet
filtering at all...

Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com ***

I have your first edition filtering book, but it only covers up to
version 3.5. Sounds like its time to upgrade.

Thanks,
Rob


--
robkoon81
------------------------------------------------------------------------
robkoon81's Profile: http://forums.novell.com/member.php?userid=13696
View this thread: http://forums.novell.com/showthread.php?t=344316

In article <robkoon81.3gbnan@no-mx.forums.novell.com>, Robkoon81 wrote:
> I have your first edition filtering book, but it only covers up to
> version 3.5. Sounds like its time to upgrade.
>
The later version does cover the aspects of filtering being moved into
eDir.

Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com ***

I have purchased your latest version of your filter book. Is the
procedure, outlined on pages 79 and 80, what I need to do to restore my
filtering?


--
robkoon81
------------------------------------------------------------------------
robkoon81's Profile: http://forums.novell.com/member.php?userid=13696
View this thread: http://forums.novell.com/showthread.php?t=344316

More info: I deleted everything in the NBMRuleContainer, went into
filtcfg and deleted two entries there for IPX, then ran brdcfg to
install default filters, looked at the logger screen afterwards and have
numerous ecode -608 for all IP entries and have two successful IPX
entries. Then looked at the contents of my NBMRuleContainer and have
numerous entries there again. If I manually try to add a filter
exception in filtcfg, I get the -608 error on the logger screen as well.


--
robkoon81
------------------------------------------------------------------------
robkoon81's Profile: http://forums.novell.com/member.php?userid=13696
View this thread: http://forums.novell.com/showthread.php?t=344316