Novell BorderManager: A Beginner's Guide to Configuring Filter Exceptions

Third Edition, Revision 2
November 27, 2002
Craig Johnson
Novell Support Connection SysOp

322 Pages. Replaces the Third Edition (revision 1, September 1, 2002)

See the Table of Contents for the Third Edition, Revision 2 (PDF format) here.

Note: This $39.95 book is sold only in Adobe Acrobat PDF format by clicking HERE.

You can buy this book and the Beginner's Guide to BorderManager 3.x as a bundle and receive a $5 discount by using the Book Bundle ordering link lower on this page.

If you purchase this version of the book on May 3 or later, you will get the next version for free. I am working on a BorderManager 3.9 version, and I was not able to get it completed in time for the BorderManager 3.9 release (which was May 1). However, I am offering a book bundle discount if you buy both my Beginner's Guide to BorderManager 3.x and this book at the same time.

Errata (corrections to the book) are shown at this LINK.

What This Book is About

The purpose of this book is to help readers configure packet filter exceptions in Novell BorderManager 2.1 and 3.x. I wrote this book after spending over three years answering questions on Novell's BorderManager products in the Novell Support Connection forums and setting up numerous BorderManager servers myself. After answering many of the same types of questions day after day, I could see a clear need for a book that explains how packet filters work and how to set up filter exceptions.

I also gained some insight into the level of experience of the typical BorderManager administrator who frequents the Novell Support Connection public forums. Most have some knowledge of TCP/IP, routing, proxies, and filters, but do not have the breadth and depth of knowledge to feel comfortable in dealing with packet filtering. Even those public forums users who were comfortable with packet filtering frequently need a little help in understanding how all the parts fit together, or simply want a quick explanation for a particular filter exception. This book is written to the level of understanding of that 'average' forum user. Despite the title, this book is not limited to just the 'beginner', and it will prove a useful reference to even quite advanced users. I often consult it when answering questions online.

One of the frequent complaints that most public forum users have about documentation on Novell products is that there are not enough examples. I have tried to address that concern in this book by providing many examples. As is true with most people, I find it easier to understand the theory behind a complex networking function when I can see an example. Therefore, I provide explanations of how packet filters operate and examples of working packet filter exceptions. Readers can take the examples provided, in most cases simply substitute their interface names or IP addresses, and have their own custom filter exceptions working in a very short amount of time. In particular, I discuss and provide examples of packet filter exceptions for:

• Outbound traffic for AOL Instant Messenger (AIM), Cisco VPN Client, Client-to-Site Novell VPN Client, Citrix, DNS, FTP, GroupWise Remote Client, ICQ, IMAP, Microsoft MSN Messenger, Microsoft Windows Media Player, NNTP, NTP/SNTP, pcANYWHERE, PING, POP3, RDATE, RealAudio, RTSP SMTP, SSL, TELNET, Terminal Server and VNC
• Inbound traffic to reverse proxy acceleration of internal web servers on secondary IP addresses, generic TCP proxy for Portal Web Manager and RCONJ, and DHCP for PC’s on the public subnet, and for the BorderManager server acting as a DHCP client.
• Inbound traffic through static NAT configurations for Citrix WinFrame, FTP, GroupWise Remote Client, GroupWise Web Access Spell Check, IMAP, Lotus Notes Client, Microsoft Terminal Server, pcANYWHERE, POP3, SMTP, VNC and Web Servers.
• Numerous filter exceptions particular for BorderManager 3.7 are shown, including addition exceptions not previously needed with previous versions of BorderManager for VPN and other functions. Most of the filtering information for BorderManager 3.8 and 3.9 is the same as 3.7, but I am working on including new sections in the next release of this book to include those versions.

Most of the discussion and examples focus on the filtering capabilities provided with BorderManager 3.x (such as stateful filtering), but mention is also made of the limitations of BorderManager 2.1 and how to work around them.

What's New in the Third Edition (Revision 2)

After the Third Edition was released in September 2002, I found out some additional information that I felt would be useful to put in the book for troubleshooting BorderManager 3.7-3.9 filtering issues. I also wanted to add in a simpler example for customizing filtering in the Advanced chapter. The more I wrote on troubleshooting, the more things I thought of to include, and consequently, the Troubleshooting chapter got quite a few more tips. The book itself expanded from 314 pages to 322 pages.

My intention on this version is that anyone with a previous revision of the Third Edition (beta1 or revision 1) will get this version for free. If you have the First Edition (November 1999) or Second Edition (December 2001), you will have to pay for an updated copy.

What's New in the Third Edition (revision 1)

Since the Second Edition came out in December 2001, BorderManager 3.7 came along. There are major differences in how BorderManager 3.7 through 3.9 handle filtering, and I have tried to address that in this version.

• There are several new BorderManager filtering examples, including a number of new exceptions necessary to get reverse proxies to function, and to get VPN to work.
• The new iManager GUI interface is shown, discussed, and troubleshooting tips are provided.
• BorderManager 3.7 - 3.9 stores IP filters and exceptions in NDS. Backing up the filters from NDS is covered, as is restoring them.
• I have tried to stress that BorderManager 3.7 - 3.9 has such different default exceptions that the administrator will have to understand how applications work, and add additional filter exceptions that were previously not needed. Numerous examples are shown.
• The book has grown from 233 pages to 314 pages, mainly due to the number of new exception examples, and for showing how the iManager GUI interface for configuring a filter exception works. There are several troubleshooting tips specifically for issues related to BorderManager 3.7-3.9 filtering.

Purchasing Information

This book by Craig Johnson, Novell Support Connection SysOp, is available only in Adobe Acrobat PDF format here.

Click HERE to purchase this book for only $39.95!

You can buy this book and the Beginner's Guide to BorderManager 3.x as a bundle and receive a $5 discount by using the ordering link lower on this page.

This book can be purchased online here by using a secure shopping cart system and a credit card. You can also purchase a copy by emailing Craig Johnson Consulting at cjcsales2 "@" craigjconsulting "dot" com, providing a purchase order number and paying by check (much slower).

By purchasing online with a credit card, you can download a copy the same day you order it!

Buy Both Books, Get a $5 Discount!

Want to buy the Beginner's Guide to Configuring Filter Exceptions AND the Beginner's Guide to BorderManager 3.x book at the same time?

Click here to purchase both BorderManager books at once, with a $5 discount - $99.90.

Refund policy - if you have ordered the wrong book, or incorrectly ordered too many copies, contact the author at cjcsales2 "@" craigjconsulting "dot" com or via mail at the address below within a couple of days to arrange a refund. Be sure to put 'Book order question' somewhere in the subject line to get through spam filters.

Craig Johnson
Box 5176
Carefree, AZ 85377-5176
USA

About the Author

Craig Johnson has been working with computers since he wrote his first program in college at Purdue University in 1971. Currently Craig owns his own consulting business based in Phoenix, Arizona and working on projects around the continent (and beyond). Many of Craig's clients became familiar with him through his forum work or books.

Craig has been a Novell Support Connection Sysop for over five years, and he specializes in (naturally) the BorderManager forums at support-forums.novell.com (NNTP). Craig has been working with BorderManager since before the official release of BorderManager version 1. Through the Novell Support Connection forums, Craig has provided advice on several thousand BorderManager installations.

Craig is the only non-Novell employee on the BorderManager Core Development Team.

Craig has also presented sessions on BorderManager packet filtering and BorderManager troubleshooting at the Novell BrainShare seminar in Salt Lake City.

When not spending 12 hours per day at a computer, Craig likes to work out in Taekwondo, where he holds the rank of Black Belt, fourth degree and is a certified instructor.

Most days, Craig can be reached via the Novell Support Connection Public Forums, in the BorderManager sections. His web site is http://www.craigjconsulting.com. Craig is available for hire, and does the majority of his BorderManager consulting work over the Internet, with clients all over the world.

Testimonials

Comments on the second and third editions of the book:

"In a sentence, your filter exception book should be mandatory reading for anyone using Novell BorderManager. Thanks for making my life easier.

Sincerely,
Ned Grubb, CNE
Information Technology Director"

"Hi Craig,

I just wanted to say first off, thanks again for your help with my "sorta DMZ" setup. It seems to be working very well. Secondly, I just wanted to let you know that I have read your book and it's one of the best how-to books I've ever read. I found the language to be clear and concise and your examples are incredible. I'm more of a visual person so seeing the examples has helped me get a thorough understanding of filter exceptions, along with when to use stateful and when to use ACK bit filtering. I've since created a few packet types and exceptions of my own from scratch and they've worked exactly like I wanted them too.

I would recommend this book to anyone that is using BM or is thinking about using it. My only regret is not having the book sooner, it would have saved me several headaches.
Thanks for a great book!
Phil"

Since the first edition of this book has been available for purchase on-line, copies have been sold to readers in the Aaland Islands, Australia, Austria, Belgium, Botswana, Brazil, Canada, Columbia, Croatia, Denmark, Ecuador, Finland, France, Germany, Greenland, Hong Kong, Ireland, Israel, Italy, Japan, Kuwait, Macau, Maldives, Mexico, Netherlands, ew Zealand, Norway, Phillipines, Poland, Scotland, Singapore, Slovak Republic, South Africa, Spain, Sweden, Switzerland, Thailand, Turkey, UK, USA and Venezuela. Reaction has been extremely positive!

Some comments on the First Edition via email or from the Novell Public Forums:

"Was well written and easy to understand."
"I would have never got as far as I did or as fast as I did without the book. Awesome job."
"I got my copy yesterday and my initial reaction to your document is very positive. It's a document I'm going to recommend my customers get a copy of after I've set BM up for them. I can't count the number of panic calls I get after they've butchered their filters up. Good for revenue I guess but I don't have the time to keep running out on emergency packet filter calls. Good Job!!"
"Your book looks great. It is very interesting and easy to read. "
"Book is very helpful! I have been trying unsuccessfully to use the defaults plus the exceptions in NTS filt01a.exe. The book has given me some confidence to go back to the defaults and add the exceptions which I need from the book."
"I bought it, I have only read/used about 3 pages so far and its already paid for itself. A must have, I laughed I cried...
When is the VPN volume coming out? <G>"

Please click here to purchase this book for $39.95.

Return to the Main Page