Novell IP Gateway Prerequisites

Before you set up the Novell IP Gateway, you must meet the following prerequisites:

• Novell IP Gateway Prerequisites

Server Prerequisites

Before setting up the Novell IP Gateway, verify that the following prerequisites have been met for the gateway server:

• A registered IP address has been obtained for each public interface.
• TCP/IP has been enabled for one or more interface boards (accomplished by successful Novell BorderManager 3.7 installation).
• For interfaces that have TCP/IP enabled, IP packet forwarding or static routing has been enabled to use a static routing table.

  To enable IP packet forwarding from the server console, load INETCFG, select Protocols > TCP/IP, and change the status of IP Packet Forwarding from Disabled End Node to Enabled Router.

  To set up static routing from the server console, load INETCFG, select Protocols > TCP/IP enable LAN Static Routing > select LAN Static Routing Table to enter static routes.

• (For IPX^TM/IP gateway service only) The IPX protocol has been set up and bound to at least one interface.

  To set up IPX from the server console, load INETCFG > select Protocols > IPX. To bind IPX to an interface on the server, load INETCFG and select Bindings.

• An Internet Service Provider (ISP) connection has been set up with enough bandwidth for the number of users on your network.

  If the Novell BorderManager 3.7 server does not provide the connection to the ISP, ensure that the server has a static route set up or that the router to the ISP is in the Novell BorderManager 3.7 server's routing path.

• Novell Public Key Infrastructure (PKI) Services and Secure Authentication Service (SAS) have been installed on the server to support Secure Sockets Layer (SSL) authentication of SOCKS 5 clients.

  PKI and SAS are installed automatically during Novell BorderManager 3.7 installation if the services have not been previously installed.

  After SAS and PKI are installed, you must use the PKI snap-in to NetWare Administrator to perform following SSL-related administrative task:

  • Importing certificates signed by an external Certificate Authority (CA)
  • Creating and managing Key Material objects (KMOs) used to store key pairs in NDS^® or Novell eDirectory^TM
  • Creating an NDS or eDirectory tree CA to sign certificates used on a private network

  More information about Novell PKI Services and certificate authorities is located in the NetWare online documentation.

  Refer to the Novell PKI online help in NetWare Administrator for the procedures to create and manage NDS or eDirectory tree CAs and KMOs.

• Domain Name System (DNS) Resolver setup has been performed to provide a valid domain name for the DNS and an IP address of at least one DNS name server to resolve IP hostnames. This should have been done by you during the BorderManager product installation. If the DNS Resolver has not been set up, refer to Novell IP Gateway Prerequisites.
• Packet filtering has been set up to allow DNS query and response packets.

  Default installation sets packet filtering to block all incoming and outgoing traffic. To modify the packet filtering setup, refer to Setting Up Packet Filters.

Setting Up the DNS Resolver

To set up the DNS Resolver, complete the following steps at the server console:

1. Enter LOAD NIASCFG, then select Configure NIAS > Protocols and Routing > Protocols > TCP/IP > DNS Resolver Configuration.

2. Enter the DNS domain name for your corporation or organization.

   Your ISP typically supplies this name. Domain names usually take the form company_name.com or organization.org. For example, novell.com or acme.org.

3. Enter the IP addresses of up to three DNS name servers in the Name Server fields.

   ISPs often provide access to multiple DNS name servers.

4. Press Esc to select Yes to update the TCP/IP configuration.

5. Pres Esc until you return to the Internetworking Configuration menu > select Reinitialize System and exit NIASCFG.

Client Prerequisites

Client prerequisites are provided in the following sections:

• Novell IP Gateway Prerequisites

Novell IP Gateway Administration Prerequisites

The client used by an administrator to set up Novell IP Gateway services must have the following installed:

• Windows 98, Windows* 2000, Windows* XP, Windows* Me or Windows* NT.
• The Novell Client^TM for Windows software
• The Novell BorderManager 3.7 snap-in modules to NetWare Administrator
• If the Novell IP Gateway's SOCKS service will be set up to use SSL, a Novell PKI Services snap-in module to NetWare Administrator

NOTE:  The Novell BorderManager 3.7 and PKI snap-in modules can be installed on the server instead of the client. This is preferable if an administrator uses multiple client machines but has a login script to consistently map a drive to the directory from which NetWare Administrator is run (the same directory where the snap-in modules are installed).

IPX/IP Gateway Client Prerequisites

A client accessing the Internet using the IPX/IP gateway service must have the following installed:

• Windows 98, Windows 2000, Windows XP, Windows Me or Windows NT
• The Novell Client for Windows software
• The Novell IP Gateway component of the Novell Client software

IP/IP Gateway Client Prerequisites

A client accessing the Internet using the IP/IP gateway service must have the following installed:

• Windows 98, Windows 2000, Windows XP, Windows Me or Windows NT
• The Novell TCP/IP stack (for Windows 3.1 clients) or the Microsoft* TCP/IP stack (for all other Windows clients)
• The Novell Client for Windows software
• The Novell IP Gateway component of the Novell Client software

SOCKS Client Prerequisites

A SOCKS client accessing the Internet using the Novell IP Gateway SOCKS service does not need special configuration. However, to enable the Novell IP Gateway to verify or authenticate SOCKS users, the following is required:

• An administrator must create a User object in NDS or eDirectory for each SOCKS user.

  A SOCKS user who also uses Novell Client software already has a User object. However, SOCKS users whose client machines are UNIX*, Macintosh*, or OS/2*, most likely require a new User object.

• The usernames and passwords created in NDS or eDirectory should match the usernames and passwords SOCKS 5 clients already use to avoid confusion. This prerequisite does not apply to SOCKS 4 users because they do not have to use passwords for authentication.