Eicon Networks CX1 Manuel d'installation télécharger pdf (Page 94)

G&R

USER expression:

The expression is the user name that is supplied by the client in the ‘logon

packet’ (in the -us parameter). The user name is normally the user account

name in the local client network. The asterisk (*) matches anything. Glink

clients need version 6.1.4 or later. For Host Link applications, release 5.3 or

later is required.

NODE expression:

The expression is the unique workstation (‘node’) name supplied by the client

in the ‘logon packet’ (in the -st parameter). This filter type is suitable in

configuration where the TCP expression cannot be used to identify a particular

workstation i.e. if DHCP is used or in some firewall configurations (the IP

address is generated dynamically). The workstation name is case sensitive. The

asterisk (*) matches anything. Glink clients need version 6.1.4 or later. For

Host Link applications, release 5.3 or later is required.

Use of filters to restrict access

In this example the class C IP networks 192.150.211.0, 193.71.16.0,

193.71.17.0, 193.71.18.0 and 193.71.19.0 should have access to both

CONAMEs. All other IP addresses should only have access to the tp8test

CONAME. Remember there is an implicit ‘deny’ of everything at the end of a

filter.

# define a CONAME for a TP8 test system ‘gartest’ with no filters

# the coname is then available to anyone

coname tp8test -desc “TP8 Testapplication gartest” -pool tp8test

-hm CXI –tm TXT 7801-da gartest -dn ph14

# define a coname for a mailbox ‘2wa-rno’ with a filter allowing only

# the desired IP addresses

coname 2warno -desc “TP8 Testapplication 2wa rec no” -filter external

-hm CXI -tm TXT7801 -da 2wa-rno -dx jimp -dn ph14

filter external

permit local * # allow Qsim, V78sim etc.

permit tcp 192.150.211.0/24 # allow class C network (use 24 bits)

permit tcp 193.71.16.0/22 # allow 16, 17, 18 and 19 (use 22 bits)

In this example all IP addresses except the ranges above should be prevented

from specifying any node name or application name parameters directly. This is

typically used to force access to happen through a CONAME.

# define a restrict parameter with a filter that allows through all

# TCP addresses which are to be restricted. The TCP addresses that are

# permitted by the filter meet the restriction

Gline Line Handlers and Configuration

1 2 ... 89 90 91 92 93 94 95 96 97 98 99 ... 132 133

Pas de commentaire

Eicon Networks CX1 Manuel d'installation Page 94