
Compaq AA-Q88CE-TE User Manual


Starting and Setting Up RTR
2.9 Network Transports

2.9.2 Using RTR with DHCP and Internet Tunnels

When using RTR with DHCP or an Internet tunnel, a nodename may not be fully
known; special naming techniques are provided for these conditions.

Anonymous Clients

RTR allows the use of wild cards when specifying the frontends that a router
is permitted to accept connections from (that is, in the facility definition on the
router). Valid wild card characters are "*", "%" and "?". The result of using a wild
card character at facility configuration time is the creation of a template link.

When operating RTR in conjunction with the Compaq Internet Personal Tunnel,
a client system outside of the corporate firewall uses tunnel software to obtain
a secure channel from the Internet to inside the corporate domain. The tunnel
client is assigned an address by the tunnel server from a pool when the tunnel
software starts up.

When an RTR router receives a connection request from RTR running on this
client, the source address of the request is the address assigned by the tunnel
server. There is no longer a fixed relationship between the client and its address.
The method of configuring the router to accept such a connection is to define the
frontend nodes with all the possible addresses that the tunnel server can assign
to tunnel clients; you can do this with wildcards. For example,

RTR> create facility . . ./frontend=*.pool.places.dec.com

This command enables all nodes connecting through the tunnel to connect as
frontends. The anonymous client feature may also be used with frontends that
are using DHCP for TCP/IP address assignment.

Using the Tunnel Prefix

By using the node name prefix "tunnel.", it is possible to configure RTR to accept
a network connection from a particular remote node even if it is connecting via an
Internet tunnel using an unknown pseudoadapter address. This method allows
stricter access control than the anonymous client feature, where wild cards may
be used when specifying a remote node name. For example, on the router node
behind a firewall, the facility definition could include:

RTR> create facility . . ./router=router.rtr.dec.com -
     /frontend=tunnel.client.rtr.dec.com

The definition on the frontend could be

RTR> create facility /router=router.rtr.dec.com -
     /frontend=client.rtr.dec.com
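
The following is an added example, not part of the original manual or of RTR: a small Python audit that reads create facility commands and reports, for each /frontend name, whether it creates a template link (anonymous clients), uses the tunnel. prefix, or is a fixed node name. The function names and the handling of a parenthesised, comma-separated name list are assumptions made for the example; the sample input is the three commands printed above.

```python
import re

# Wildcard characters the manual lists as valid in a frontend node name.
WILDCARDS = set("*%?")

# Constructed sample: the three commands shown in this section, as printed
# (including the "RTR>" prompt and the manual's ". . ." elision).
SAMPLE = """\
RTR> create facility . . ./frontend=*.pool.places.dec.com
RTR> create facility . . ./router=router.rtr.dec.com -
     /frontend=tunnel.client.rtr.dec.com
RTR> create facility /router=router.rtr.dec.com -
     /frontend=client.rtr.dec.com
"""

def frontend_names(script):
    """Yield every node name given to a /frontend qualifier."""
    # Join lines that end in " -", the continuation used in the examples.
    joined = re.sub(r"[ \t]-[ \t]*\r?\n[ \t]*", " ", script)
    for value in re.findall(r"/frontend=(\([^)]*\)|[^\s/]+)", joined, re.I):
        # Assumption: several names may be given as "(a,b,c)".
        for name in value.strip("()").split(","):
            if name.strip():
                yield name.strip().lower()

def classify(name):
    """Return 'template', 'tunnel' or 'fixed' for one frontend name."""
    if WILDCARDS & set(name):
        return "template"  # any node whose name matches is accepted
    if name.startswith("tunnel."):
        return "tunnel"    # one named node, address not known in advance
    return "fixed"

def audit(script):
    """List (name, kind) for every frontend in the command text."""
    return [(name, classify(name)) for name in frontend_names(script)]

def needs_review(script):
    """Frontend names that admit more than one node (template links)."""
    return [name for name, kind in audit(script) if kind == "template"]

if __name__ == "__main__":
    for name, kind in audit(SAMPLE):
        print(f"{kind:9} {name}")
```

Entries reported as template are the ones to compare against the tunnel server's address pool, since every node matching the pattern can connect as a frontend.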

Troubleshooting Tunnel and Wildcard Connections

To assist in diagnosing connect acceptance problems, use the monitor picture
ACCFAIL. This picture displays the recent history of those links from which the
local node has refused to accept connections. It displays the failed link name
as provided by the network transport, and can assist in rapidly identifying any
problems.

TCP Services File

RTR uses the TCP/IP port number 46000 for the network communication
daemon rtr rtrd.

On UNIX platforms, you should edit the file /etc/services to add the line

rtracp 46000/tcp
