Hi!

I'm using the Novell SBS 6.5 , on 3 servers tree:

1. Border Manager 3.8- sp1
2. GroupWise (NAT) - sp1
3. WEB (NAT) -sp6

I need to use the RDBHOST.NLM on the WEB server (the third one).

I was said to permit "forwarding for port 8880.

Please tell me what to change and how.

TIA

Nanu

Nanu,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

Has your problem been resolved? If not, you might try one of the following options:

- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)

Be sure to read the forum FAQ about what to expect in the way of responses:
http://support.novell.com/forums/faq_general.html

If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.

Good luck!

Your Novell Product Support Forums Team
http://support.novell.com/forums/

In article <pipIk.747$Fg1.244@kovat.provo.novell.com>, Nanu Kalmanovitz
wrote:
> I was said to permit "forwarding for port 8880.
>
You would need to create a custom filter exception for tcp destination
port 8880 (source port=any) and make it stateful. You can use
FILTCFG.NLM on the BM server. Make it from private to public
interface.

Have a look at the URL below - you might be interested in my BMgr
filtering book for help on this.

Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com ***

Thanks!

I have the book. I did the following but it doesn't work:

-----------
Source: Private
Destination: Public

Protocol: TCP
Source: ALL
Destination: 8880
ACK: Disabled
Stateful: Enabled

Src Addr Type: Any Address
Dest Addr Type: Host
Dest IP Address: my server public address (NAT)

What I am missing:
1. Are the Src or DEST IP address type and number ok?
2. Shall I put the private address instead the public?
3. Is it because the NAT?

TIA

Nanu

>>> Craig Johnson<craigsj@ix.netcom.com> 22/10/2008 16:31:19 >>>
In article <pipIk.747$Fg1.244@kovat.provo.novell.com>, Nanu Kalmanovitz
wrote:
> I was said to permit "forwarding for port 8880.
>
You would need to create a custom filter exception for tcp destination
port 8880 (source port=any) and make it stateful. You can use
FILTCFG.NLM on the BM server. Make it from private to public
interface.

Have a look at the URL below - you might be interested in my BMgr
filtering book for help on this.

Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com ***

In article <FkILk.3318$Fg1.535@kovat.provo.novell.com>, Nanu
Kalmanovitz wrote:

> Source: Private
> Destination: Public

OK, this allows packets to go from a host on the inside out to the
Internet. (This is NOT data from the proxy to the Internet).

>
> Protocol: TCP
> Source: ALL
> Destination: 8880
> ACK: Disabled
> Stateful: Enabled

This all looks good.

>
> Src Addr Type: Any Address

This means any host, which means any host inside BMgr since you
selected the internal interface as the source interface.

> Dest Addr Type: Host
> Dest IP Address: my server public address (NAT)

This doesn't make sense to me. You want to allow traffic on port 8880
from an internal pc to the public address of the server? Why? If
there is some service running on the server, it would normally be
listening on the private address, in which case you would not need a
filter exception to access it from the inside. If the service is
running on some internet host, then you might want to specify a public
IP address (or Any), but certainly not the BMgr address as the
destination.

Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com ***

Hi!

>> Src Addr Type: Any Address

>This means any host, which means any host inside BMgr since you
>selected the internal interface as the source interface.

> Dest Addr Type: Host
> Dest IP Address: my server public address (NAT)

>> Dest Addr Type: Host
>> Dest IP Address: my server public address (NAT)

>This doesn't make sense to me. You want to allow traffic on port 8880
>from an internal pc to the public address of the server? Why? If
>there is some service running on the server, it would normally be
>listening on the private address, in which case you would not need a
>filter exception to access it from the inside. If the service is
>running on some internet host, then you might want to specify a public
>IP address (or Any), but certainly not the BMgr address as the
>destination.

I'm using the Novell SBS 6.5 tree with 3 servers:

1. Border Manager 3.8- sp1
2. GroupWise (NAT) - sp1
3. WEB (NAT) sp6 - Apache 2.0.59, MySQL ver. 5.0.67, PHP 5.2.6.

I want to permit some one from the public side to access the WEB (third) server with the RDBHOST.NLM (port 8880) uyility to check\maintain the server.

TIA

Nanu

>>> Craig Johnson<craigsj@ix.netcom.com> 22/10/2008 23:49:44 >>>
In article <FkILk.3318$Fg1.535@kovat.provo.novell.com>, Nanu
Kalmanovitz wrote:

> Source: Private
> Destination: Public

OK, this allows packets to go from a host on the inside out to the
Internet. (This is NOT data from the proxy to the Internet).

>
> Protocol: TCP
> Source: ALL
> Destination: 8880
> ACK: Disabled
> Stateful: Enabled

This all looks good.

>
> Src Addr Type: Any Address

This means any host, which means any host inside BMgr since you
selected the internal interface as the source interface.

> Dest Addr Type: Host
> Dest IP Address: my server public address (NAT)

This doesn't make sense to me. You want to allow traffic on port 8880
from an internal pc to the public address of the server? Why? If
there is some service running on the server, it would normally be
listening on the private address, in which case you would not need a
filter exception to access it from the inside. If the service is
running on some internet host, then you might want to specify a public
IP address (or Any), but certainly not the BMgr address as the
destination.

Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com ***

In article <6OULk.3547$Fg1.2939@kovat.provo.novell.com>, Nanu Kalmanovitz wrote:
> I want to permit some one from the public side to access the WEB (third) server with the RDBHOST.NLM
(port 8880) uyility to check\maintain the server.
>
Then the destination IP address is the Web server's internal address. The source address is Any. The
source interface is public and destination interface is private.

Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com ***

Thanks!

I can't try the new configuration since there is an old one that I can't change. I tryed to delete it, but it reapears after unload\load IPFLT.

How can I fix this new problem?

TIA

Nanu



>>> Craig Johnson<craigsj@ix.netcom.com> 23/10/2008 15:13:45 >>>
In article <6OULk.3547$Fg1.2939@kovat.provo.novell.com>, Nanu Kalmanovitz wrote:
> I want to permit some one from the public side to access the WEB (third) server with the RDBHOST.NLM
(port 8880) uyility to check\maintain the server.
>
Then the destination IP address is the Web server's internal address. The source address is Any. The
source interface is public and destination interface is private.

Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com ***

In article <WO1Mk.3706$Fg1.1859@kovat.provo.novell.com>, Nanu Kalmanovitz wrote:
> I can't try the new configuration since there is an old one that I can't change. I tryed to delete it,
but it reapears after unload\load IPFLT.
>
I assume you get a -6001 error on the logger screen every time you try to edit/delete that exception?

> How can I fix this new problem?

My method is to delete and reimport the filters with a filtsrv migrate procedure.

Start by making a backup of the files in sys:etc. You at least need to get a good copy of filters.cfg put
somewhere outside of ETC.



Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com ***