Third Edition, Revision 2
November 27, 2002
Craig Johnson
Novell Support Connection SysOp
322 Pages. Replaces the Third Edition
(revision
1, September 1, 2002)
You can buy this book and the Beginner's Guide to BorderManager 3.x as a bundle and receive a $5 discount by using the Book Bundle ordering link lower on this page.
If you purchase this version of the book on May 3 or later, you
will get the next version for free. I am working on a BorderManager 3.9 version,
and I was not able to get it completed in time for the BorderManager 3.9
release (which was May 1). However, I am offering a book bundle discount if
you buy both my Beginner's Guide to BorderManager 3.x and this book at the same
time.
Errata (corrections to the book) are shown at this LINK.
The purpose of this book is to help readers configure packet
filter exceptions in Novell BorderManager 2.1 and 3.x. I wrote this book after
spending over three years answering questions on Novell's BorderManager
products in the Novell Support Connection forums and setting up numerous
BorderManager servers myself. After answering many of the same types of
questions day after day, I could see a clear need for a book that explains how
packet filters work and how to set up filter exceptions.
I also gained some insight into the level of experience of the typical
BorderManager administrator who frequents the Novell Support Connection public
forums. Most have some knowledge of TCP/IP, routing, proxies, and filters,
but do not have the breadth and depth of knowledge to feel comfortable in
dealing with packet filtering. Even those public forums users who were
comfortable with packet filtering frequently need a little help in understanding
how all the parts fit together, or simply want a quick explanation for a
particular filter exception. This book is written to the level of understanding
of that 'average' forum user. Despite the title, this book is not
limited to just the 'beginner', and it will prove a useful reference to even
quite advanced users. I often consult it when answering questions online.
One of the frequent complaints that most public forum users have about
documentation on Novell products is that there are not enough examples. I have
tried to address that concern in this book by providing many examples. As is
true with most people, I find it easier to understand the theory behind a
complex networking function when I can see an example.
Therefore, I provide explanations of how packet filters operate and examples of
working packet filter exceptions. Readers can take the examples provided, in
most cases simply substitute their interface names or IP addresses, and have
their own custom filter exceptions working in a very short amount of time. In
particular, I discuss and provide examples of packet filter exceptions for:
Most of the discussion and examples focus on the filtering capabilities provided with BorderManager 3.x (such as stateful filtering), but mention is also made of the limitations of BorderManager 2.1 and how to work around them.
After the Third Edition was released in September 2002, I found
out some additional information that I felt would be useful to put in the book
for troubleshooting BorderManager 3.7-3.9 filtering issues. I also wanted to add in
a simpler example for customizing filtering in the Advanced chapter. The more
I wrote on troubleshooting, the more things I thought of to include, and
consequently, the Troubleshooting chapter got quite a few more tips. The book
itself expanded from 314 pages to 322 pages.
My intention on this version is that anyone with a previous revision of the
Third Edition (beta1 or revision 1) will get this version for free. If you have
the First Edition (November 1999) or Second Edition (December 2001), you will
have to pay for an updated copy.
Since the Second Edition came out in December 2001, BorderManager
3.7 came along. There are major differences in how BorderManager 3.7 through 3.9
handle filtering, and I have tried to address that in this version.
This book by Craig Johnson, Novell Support Connection SysOp, is
available only in Adobe Acrobat PDF format here.
You can buy this book and the Beginner's Guide to BorderManager 3.x as a bundle and receive a $5 discount by using the ordering link lower on this page.
This book can be purchased online here by using a secure shopping
cart system and a credit card. You can also purchase a copy by emailing Craig
Johnson Consulting at cjcsales2 "@" craigjconsulting "dot" com, providing a purchase order number
and paying by check (much slower).
By purchasing online with a credit card, you can download a copy the same day
you order it!
Want to buy the Beginner's Guide to Configuring Filter Exceptions AND
the Beginner's Guide to BorderManager 3.x book at the same time?
Refund policy - if you have ordered the wrong book, or incorrectly ordered too many copies, contact the author at cjcsales2 "@" craigjconsulting "dot" com or via mail at the address below within a couple of days to arrange a refund. Be sure to put 'Book order question' somewhere in the subject line to get through spam filters.
Craig Johnson
Box 5176
Carefree, AZ 85377-5176
USA
Craig Johnson has been working with computers since he wrote his
first program in college at Purdue University in 1971. Currently Craig owns his
own consulting business based in Phoenix, Arizona and working
on projects around the continent (and beyond). Many of Craig's clients became
familiar with him through his forum work or books.
Craig has been a Novell Support Connection Sysop for over five years, and he
specializes in (naturally) the BorderManager forums at support-forums.novell.com
(NNTP). Craig has been working with BorderManager since before
the official release of BorderManager version 1. Through the Novell Support
Connection forums, Craig has provided advice on several thousand BorderManager
installations.
Craig is the only non-Novell employee on the BorderManager Core Development Team.
Craig has also presented sessions on BorderManager packet filtering and
BorderManager troubleshooting at the Novell BrainShare seminar in Salt Lake City.
When not spending 12 hours per day at a computer, Craig likes to work out in
Taekwondo, where he holds the rank of Black Belt, fourth degree and is a
certified instructor.
Most days, Craig can be reached via the Novell Support Connection Public Forums,
in the BorderManager sections. His web site is
http://www.craigjconsulting.com.
Craig is available for hire, and does the majority of his BorderManager
consulting work over the Internet, with clients all over the world.
Comments on the second and third editions of the book:
"In a sentence, your filter exception book should be mandatory
reading for anyone using Novell BorderManager. Thanks for making my life easier.
Sincerely,
Ned Grubb, CNE
Information Technology Director"
"Hi Craig,
I just wanted to say first off, thanks again for your help with my "sorta DMZ"
setup. It seems to be working very well. Secondly, I just wanted to let you
know that I have read your book and it's one of the best how-to books I've ever
read. I found the language to be clear and concise and your examples are
incredible. I'm more of a visual person so seeing the examples has helped me
get a thorough understanding of filter exceptions, along with when to use
stateful and when to use ACK bit filtering. I've since created a few packet
types and exceptions of my own from scratch and they've worked exactly like I
wanted them too.
I would recommend this book to anyone that is using BM or is thinking about
using it. My only regret is not having the book sooner, it would have saved me
several headaches.
Thanks for a great book!
Phil"
Since the first edition of this book has been available for
purchase on-line, copies have been sold to readers in the Aaland Islands,
Australia, Austria, Belgium, Botswana, Brazil, Canada, Columbia, Croatia,
Denmark, Ecuador, Finland, France, Germany, Greenland, Hong Kong, Ireland,
Israel, Italy, Japan, Kuwait, Macau, Maldives, Mexico, Netherlands,
ew Zealand, Norway, Phillipines, Poland, Scotland, Singapore, Slovak Republic,
South Africa, Spain, Sweden, Switzerland, Thailand, Turkey, UK, USA and
Venezuela. Reaction has been extremely positive!
Some comments on the First Edition via email or from the Novell Public Forums:
"Was well written and easy to understand."
"I would have never got as far as I did or as fast as I did without the book.
Awesome job."
"I got my copy yesterday and my initial reaction to your document is very
positive. It's a document I'm going to recommend my customers get a copy of
after I've set BM up for them. I can't count the number of panic calls I get
after they've butchered their filters up. Good for revenue I guess but I don't
have the time to keep running out on
emergency packet filter calls. Good Job!!"
"Your book looks great. It is very interesting and easy to read. "
"Book is very helpful! I have been trying unsuccessfully to use the defaults
plus the exceptions in NTS filt01a.exe. The book has given me some confidence
to go back to the defaults and add the exceptions which I need from the book."
"I bought it, I have only read/used about 3 pages so far and its already paid
for itself. A must have, I laughed I cried...
When is the VPN volume coming out? <G>"