Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

IP/IPX gateway not working when rules are enabled.

1 view
Skip to first unread message

Brutus

unread,
Sep 20, 2000, 3:00:00 AM9/20/00
to
When rules are enable the gateway doesn't function. It's works when not
enabled. I have port 8225 open in the rules so that's can't be it. I
did see a TID on downloading file 201656.exe when using client 3.1
which we are (with sp1 and 2), but I can't find it. The file needed is
cproxy95.nln per this TID. Can anyone help me out on this?

Thanx in advance

Bruce W.

FYI: NW 5.1 sp1, BM 3.5 sp3, GW 5.5 sp3a


* Sent from Novell Discussion Forums http://novell.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!


CSL

unread,
Sep 21, 2000, 3:00:00 AM9/21/00
to
hi Bruce,

I can't even find the TID that references that file. What TID number was
it?
You will probably have to contact Novell to get that file.
By the way, there is only one configuration with which you can have the
IPX/IP gateway and the proxy with authentication working together, and
this is:

- Enable IPX/IP gateway with SSO authentication (SSL will not work)
- Enable HTTP transparent proxy
- Enable SSO authentication to the proxy

In this configuration your users will be able to use the proxy even
without addressing directly the proxy in their browser, and it *should*
work even without the patch.
If you configure the browser to use the proxy you will need the patch,
but you will still need to have the transparent proxy enabled.
Unfortunately this means that the IPX/IP gateway users will be affected
by the flaws of the transpqarent proxy.

Actually, if you have IPX/IP gateway users and pure IP users, I
recommend you don't use the standard transparent proxy, but you rather
use the command line:

set nwgateway client transparent proxy =on/off

that will only affect the gateway users, and not the pure IP users.
Let me know.

Note, I would try to get rid of the IP gateway as fast as possible...
--
Cat
Novell Support Connection Volunteer

Brutus

unread,
Sep 21, 2000, 3:00:00 AM9/21/00
to
Thanx Cat, lots of good info here. The TID I was mentioning is 2952481
and the file is 201870, not 201656 (wow what was I thinking, just too
many number in my head I guess). I can't wait to try it out.

Why move away from the gateway? I know pure IP would be the the thing
to do but I was thinking more about security. And the main Print/File
server is a 4.11, the BM 3.5 and GW 5.5 is on NW 5.1. In your opinion
would it be worth upgrading the 4.11 server. The main problem I'm
facing is the trafic and if I could get rid of one of the protocals on
the wire it would help alot. I have already segmented off a chunk of
PC's to resolve the trafic but it's still not enough.

CSL

unread,
Sep 22, 2000, 3:00:00 AM9/22/00
to
hi,

> Thanx Cat, lots of good info here.

you are welcome.

> The TID I was mentioning is 2952481
> and the file is 201870, not 201656 (wow what was I thinking, just too

> many number in my head I guess). I can't wait to try it out.

I understand now. That file was created for me, as result of an incident
I opened with Novell. I should still have that file somewhere (I am not
using the ipx/ip gw anymore).


> Why move away from the gateway? I know pure IP would be the the thing

> to do but I was thinking more about security.

you can still have very good security in place in a pure IP environment.

You ask "why" to move away from the IPX/IP gateway? These are the
reasons:
- Novell will support still IPX for a while, but the trend is to move
away from it
- the IPX/IP gateway is a mature product, that means that no more
patched or fixes will be created for it.
The file you mention was the one of the very last files created for it,
and just because I work for a very good
Novell's costumet (and because I made a LOT of noise). The (very nice)
Novell Engineer who took care of
this incident probably still has nightmares about me :-)
- with the ipx/ip gateway you are forced to use the transparent proxy,
that is slow and buggy.

> And the main Print/File
> server is a 4.11, the BM 3.5 and GW 5.5 is on NW 5.1. In your opinion

> would it be worth upgrading the 4.11 server.

Yes, even though it is not extremely urgent. Novell considers now NW4.x
as a mature product, too, therefore it means that it is close to its end
of life.
Anyway, moving away from the IPX/Ip gateway doesn't mean removing
completely IPX from your LAN. You can still have IPX for a period of
time on your LAN, and run the dual stack (IPX and IP) on your clients.

> The main problem I'm
> facing is the trafic and if I could get rid of one of the protocals
on
> the wire it would help alot. I have already segmented off a chunk of
> PC's to resolve the trafic but it's still not enough.

Adding IP will not increase the traffic on your LAN provided that your
clients and servers are well configured. Indeed, a client using the
IPX/IP gateway produces more traffic than a client with native IP to
browse the same HTML page.

0 new messages