Building Intranets with IntranetWare

IPX and IP
IPX is used for private networks, while IP is used for private networks and global public networks (Internet).

Internet usage requires a unique registered IP address.

Name resolution:

  • IPX networks rely on NDS with the Service Advertising Protocol.
  • TCP/IP networks rely on either Host Tables or Domain Name Service (DNS) servers.

  • Host table - Contains a list of host name to IP address mappings. Used mainly on small networks. Found in SYS:ETC\HOSTS.

  • DNS (Domain Name Services) - A hierarchical server database which contains static host name to IP address mappings. Used mainly for larger networks and the Internet.

    NDS and bindery user authentication are used for IPX network security.

    Firewalls, which are used to prevent unauthorized packets from entering the network, are used for IP security. NDS authentication can be implemented for an extra layer of security.

    DOD Model

    Name | OSI Relation | Functions
    Process / Application | Application, Presentation, Session | Provides communications for applications between two systems.
    Host-to-Host | Transport | Responsible for packet handling. Ensures error-free delivery. Repackages messages, divides messages into smaller packets, and performs error handling.
    Internet | Network | Translates system names into addresses. Responsible for addressing, determining routes for sending, managing network traffic problems, packet switching, routing, data congestion, and reassembling data.
    Network Access | Data Link, Physical | Physical connection between two systems.

    Address Classes

    Class | First octet
    A | 1-127
    B | 128-191
    C | 192-223

    Systems having both an IP and IPX address will have no address conflicts between the two, as each protocol uses different types of communications and routing.

    Configuring TCP/IP on a NetWare server:

      1) Type CONFIG or MODULES to make sure TCP/IP has not been loaded.
      2) Type LOAD INETCFG to load INETCFG.NLM.
      3) Enable TCP/IP in the Protocols section in INETCFG.
      4) Bind the address and subnet mask to the network card through the Bindings section.
      5) Type REINITIALIZE SERVER or DOWN | RESTART SERVER to initialize the bindings.

    Ports

    Service | Port
    HTTP | 80
    FTP | 21
    NNTP | 119
    SMTP | 25
    POP3 | 110
    Finger | 79
    SNMP | 161
    SNMP-Trap | 162
    Printer (LPR) | 515
    Telnet | 23

  • IPX/IP Gateway
    Provides Internet connectivity for IPX networks without having to add TCP/IP to each workstation. Incoming IP traffic is converted to IPX by the gateway and sent to the client; outgoing IPX traffic is converted to IP by the gateway and sent to the Internet.

  • IPXGW.NLM - adds gateway services to a NetWare server.

    Gateway benefits:

    • No need to manage client IP addresses.
    • Simplifies security: only one protocol is used for internal network access.
    • Uses existing IPX and NDS infrastructure.

    Gateway requirements (beyond normal NetWare requirements):

    • Add 4MB RAM
    • Add 500KB RAM for every additional 100 connections using the gateway

    Installed through INSTALL.NLM, using the directory path [CDROM or NetWare server path]\NIAS\INSTALL.

    Gateway configuration is performed through INETCFG.NLM | Protocols | TCP/IP | Gateway Configuration

    Gateway settings:

    • IPX/IP Gateway - Enables or disables the gateway.
    • Client Logging - Enables or disables client access statistics and information. Logged to SYS:GW_AUDIT.LOG.
    • Console Messages - Specifies level of logging - Informational, Warnings, Errors.
    • Access Control - Enables or disables client access restrictions through NDS. When disabled, access is unrestricted.

    Client DNS settings are configured through the INETCFG - Gateway configuration section. Specifies network domain name and DNS servers used for name resolution.

    Updated Client32 software will need to be installed from the Internet Access Server 4 CD. This Client32 software contains:

    • Special version of WINSOCK.DLL - Installed on client systems to place all TCP packets into IPX packets instead of IP packets.
    • Gateway Switcher - Enables/disables the gateway client. This will update the NOVWS.INI file accordingly.
    • WinPing - Used to ping a system through the gateway.

    UDP is not supported by the gateway.

    If MS-TCP/IP is installed, disable the client gateway prior to using WinSock applications, to avoid conflicts.

  • NOVGWP16.EXE - Gateway support task for 16-bit WinSock apps in Win 3.1 and 95, and 32-bit WinSock apps in Win 3.1.

  • NOVGWPRC.EXE - Gateway support task for 32-bit WinSock apps in Win 95.

  • GWSWITCH.EXE (Win95) or GWSW16.EXE (Win3.1) - Graphical utility which allows enabling or disabling of the gateway.

    Gateway support tasks are used to locate the gateway server(s). Connects to the first gateway found based on the following search order:

      1) Preferred gateway server in NDS
      2) Other gateway server in NDS
      3) Preferred gateway server in bindery database
      4) Other gateway server using SAP

    The preferred gateway can be set up within the client through CONTROL PANEL | NETWORK or through the client installation software by clicking CUSTOMIZE | ADD | PROTOCOL | NOVELL | NOVELL NETWARE IPX/IP GATEWAY.

    Rights for IPX/IP Gateway:

    • Make [PUBLIC] a trustee of the Gateway object. Specify Browse Object rights and Read and Compare rights to all properties.
    • Make [PUBLIC] a trustee of the File Server object. Specify Browse Object rights and Read and Compare rights to the network address properties.
    • Make Gateway object a trustee of [ROOT]. Specify Browse Object rights and Read and Compare rights to all properties.

  • NWADMN3X.EXE - Used to create NWADM3X.INI, which enables the IPX/IP gateway snap-in utility for NWADMIN. Include IPXGW3X.DLL=IPXGW3X.DLL under [Snapin Objects DLLs WIN3X] in NWADM3X.INI to implement the snap-in utility.

    User access can be limited through the IPX/IP gateway using:

    • Host restrictions
      • User access is restricted by IP address.
      • Host can be denied either at all times or at specified times.
    • Service restrictions
      • Options:
        • Inherited default access
        • Unlimited access to all services
        • No access to any service
        • Access to specified service at certain times of day

    Restrictions can be set for any NDS object.

    Restrictions are inherited from higher levels of the tree unless custom restrictions are specified within the object.

    Restrictions are assigned in the order of (highest priority) Users, Groups, Containers.
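
    How the inheritance and priority rules above combine, as an added example (not Novell code and not part of the original notes). The NdsObject class, the first-matching-group rule and the allow-when-nothing-is-set fallback are assumptions; ports 80 and 21 are taken from the port list earlier in these notes.

```python
from dataclasses import dataclass, field
from datetime import time
from typing import Optional

# The four service-restriction options listed in the notes.
INHERIT, UNLIMITED, NO_ACCESS, TIMED = "inherit", "unlimited", "none", "timed"

@dataclass
class NdsObject:
    """Hypothetical stand-in for a User, Group or Container object."""
    name: str
    mode: str = INHERIT
    windows: dict = field(default_factory=dict)   # TIMED only: {port: (start, end)}
    parent: Optional["NdsObject"] = None          # enclosing container
    groups: list = field(default_factory=list)    # group memberships (users only)

def effective(user):
    """Return the object whose restriction applies: User, then Groups, then Containers."""
    if user.mode != INHERIT:
        return user
    for group in user.groups:        # assumption: first group with a custom setting wins
        if group.mode != INHERIT:
            return group
    node = user.parent
    while node is not None:          # nearest container with a custom setting wins
        if node.mode != INHERIT:
            return node
        node = node.parent
    return None                      # nothing set anywhere in the tree

def allowed(user, port, at):
    """Decide whether `user` may reach the service on `port` at time-of-day `at`."""
    src = effective(user)
    if src is None or src.mode == UNLIMITED:   # assumption: no restriction means allow
        return True
    if src.mode == NO_ACCESS:
        return False
    start, end = src.windows.get(port, (None, None))
    return start is not None and start <= at < end

# Constructed sample tree: [ROOT] > Sales container, one group, three users.
root = NdsObject("[ROOT]", UNLIMITED)
sales = NdsObject("Sales", TIMED, {80: (time(8), time(18))}, parent=root)
ftp_users = NdsObject("FTP-Users", TIMED, {21: (time(0), time(23, 59))})
alice = NdsObject("alice", parent=sales)                   # inherits from Sales
bob = NdsObject("bob", parent=sales, groups=[ftp_users])   # group beats container
carol = NdsObject("carol", NO_ACCESS, parent=sales)        # user setting beats all
```

    In the sample tree a group-level setting replaces the container's, so bob loses the HTTP window that alice inherits from Sales.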

  • GW_INFO.LOG - Records gateway messages, warnings and errors.

  • GW_AUDIT.LOG - Records gateway client access - time/date, port, service and corresponding IP address/host name.

  • Web Server
    Novell web server consists of the following NLMs:
    • HTTP.NLM - Interprets HTTP requests.
    • BASIC.NLM - BASIC language interpreter.
    • PERL.NLM - PERL language interpreter.
    • NETDB.NLM - Network database interface between IP and NDS.

  • UNISTART.NCF - Starts web server and loads preceding NLMs.

  • UNISTOP.NCF - Stops web server and unloads preceding NLMs.

    Web server requirements (beyond normal NetWare requirements):

    • Additional 8MB RAM
    • Additional 3MB disk space plus proper space for web content
    • TCP/IP
    • Unique IP address
    • Long name space (needed for Java support)

    Web Directories

    Directory | Contents | Default IRF
    SYS:WEB | Default directory for web server file placement. | [SR----F-]
    SYS:WEB\CONFIG | Contains server configuration files: HTTPD.CFG, SRM.CFG, ACCESS.CFG, MIME.TYP. | [SR----F-]
    SYS:WEB\DOCS | Contains server HTML documents. | [SR----F-]
    SYS:WEB\LOGS | Contains server log files: ACCESS.LOG, ERROR.LOG, DEBUG.LOG. | [SRWCMEFA]
    SYS:WEB\MAPS | Contains image map files. | [SR----F-]
    SYS:WEB\SAMPLES | Contains CGI samples and configuration information. | [SRWCMEFA]
    SYS:WEB\SCRIPTS | Contains BASIC CGI scripts. | [SR----F-]

  • HTTPD.CFG - Server configuration file.

  • SRM.CFG - Resource configuration file.

  • ACCESS.CFG - Access control file.

  • SYS:/PUBLIC/WEBMGR.EXE - Web server help utility. Used to change preceding .CFG files.

    Full Server Name should be specified as the full domain name (www.cramsession.com) or the associated IP address.

    Mark Enable User Documents to allow users to publish web documents.

    User access to the web server can be allowed or restricted by specifying:

    • Settings within the corresponding NDS object.
    • Full IP address of a system.
    • Partial IP address; an entire subnet.
    • DNS domain name; any system in the cramsession.com domain.

    MaxThreads specifies the number of worker threads available on the server; default=16. Each HTTP request starts a worker thread. The value is modified in the HTTPD.CFG file.

    Maximum Packet Receive Buffers defines the amount of memory available to receive incoming packets.

    CGI scripts consume a large share of processor time and will decrease the performance of the web server.

  • FTP Server
    FTP server requirements (beyond normal NetWare requirements):
    • Additional 12MB RAM
    • Additional 5MB disk space plus proper space for web content
    • TCP/IP
    • Unique IP address
    • NFS name space (NFS.NAM)

    FTP service consists of two modules:

    • FTPSERV.NLM
    • INETD.NLM - Activates FTPSERV.NLM when a client initiates a session.

    FTPSERV.NLM is only loaded when a client activates a session.

    To configure the FTP server, type LOAD UNICON at the NetWare prompt, select MANAGE SERVICES | FTP SERVER | SET PARAMETERS

    To create FTP users, select MANAGE GLOBAL OBJECTS | MANAGE USERS | BY NETWARE NAME | UNIX from the UNICON menu.

    To set file permissions, select PERFORM FILE OPERATIONS | VIEW/SET FILE PERMISSIONS | UNIX USER ID from the UNICON menu. Assign properties accordingly.

  • SYS:ETC\RESTRICT.FTP - Contains a list of IPs which are restricted from accessing the FTP server.

    Syntax for an FTP session through a browser:

    • ftp://user:password@ftp.cramsession.com

    FTP Server allows a maximum of 64 concurrent client connections.

  • Special Thanks to Matthew Morris, Hogan Lee, and Steven Robidas for writing material to make up the Cramsession for this exam!