The NBIPGW08 gateway runs under Sun Solaris. The NBIPGW08 gateway uses SSL encryption at one end (the client side) and converts to unencrypted format at the other end (the server side). The NBIPGW08 gateway can be used only on the server side. You can also use NBIPGW08 in the "demilitarized zone."
The NBIPGW08 gateway runs as a 32-bit program. It runs only on Sun Ultra 64-bit processors and uses XTI.
The NBIPGW08 gateway is started as a process in a Unix shell. For this reason, when there are a large number of connections, the process must be able to open a large number of sockets. For Solaris, the default configuration pre-defines only 256 file descriptors.
It is possible to check the number of file descriptors with the command "ulimit -a". The value is displayed under "nofiles(descriptors)". Before starting the redirector, the user has to set the number of descriptors based on the number of connections required. This is done using the command "ulimit -n xxxx".
Important!
Please note that the file descriptors can only be increased up to a "hard" limit. The system administrator must set this limit system-wide in the file "/etc/system" using the following values:
set rlim_fd_max=32768 # system-wide hard limit for file descriptors (max. 65535)
set rlim_fd_cur=1024 # system-wide soft limit
Attention:
Setting "set rlim_fd_cur" to a value higher than 1024 can lead to problems, e.g., the license daemon can no longer be started. For this reason, before starting the redirector, increase the number of file descriptors, e.g., using the command "ulimit -n 16000".
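The descriptor check described above can be scripted for the shell that starts the gateway. The following is an added example, not part of the original documentation; the function names and the sizing rule (two sockets per session plus 64 spare descriptors) are assumptions.

```shell
#!/bin/sh
# Added example: descriptor preflight for the shell that will start NBIPGW08.
# Assumption (not from the page): each session holds 2 sockets (client side
# and server side), plus 64 descriptors of headroom for listeners and files.

fd_needed() {            # $1 = expected concurrent sessions
    echo $(( $1 * 2 + 64 ))
}

# fd_verdict NEEDED SOFT HARD -> ok | raise-soft | raise-hard
# SOFT and HARD are values as printed by ulimit (a number or "unlimited").
fd_verdict() {
    needed=$1 soft=$2 hard=$3
    if [ "$soft" = unlimited ] || [ "$soft" -ge "$needed" ]; then
        echo ok
    elif [ "$hard" = unlimited ] || [ "$hard" -ge "$needed" ]; then
        echo raise-soft      # "ulimit -n" in this shell is enough
    else
        echo raise-hard      # rlim_fd_max in /etc/system must be raised
    fi
}

# fd_preflight SESSIONS: act on the verdict for the current shell only,
# leaving the system-wide soft limit (rlim_fd_cur) untouched.
fd_preflight() {
    needed=$(fd_needed "$1")
    case $(fd_verdict "$needed" "$(ulimit -S -n)" "$(ulimit -H -n)") in
        ok)         return 0 ;;
        raise-soft) ulimit -S -n "$needed" ;;
        raise-hard) echo "need $needed descriptors, hard limit is $(ulimit -H -n);" \
                         "raise rlim_fd_max in /etc/system" >&2
                    return 1 ;;
    esac
}
```

Source the file and run, for example, `fd_preflight 7000 && NBIPGW08 xyz.ini` in the same shell, because a limit set with ulimit applies only to that shell and the processes it starts.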
NBIPGW08 reads its configuration parameters from an .ini file. The .ini file can be edited with any ordinary ASCII editor. Please note that this .ini file must observe the conventions for .ini files under Windows NT.
When NBIPGW08 is started, the first parameter specifies the name of the .ini-file.
NBIPGW08 xyz.ini
The .ini file can contain several sections whose names start with SSLGATE and which specify the parameters of the connections to the clients and to the servers.
Each section contains the following parameters:
| FUNCTION | WTSGATE |
| GATEPORT | Port of the gateway. |
| SERVERINETA | IP address of the server to be connected. |
| SERVERPORT | Port of the server to be connected. |
| GATE_IN_INETA | IP address for input to gateway that comes from the client side (for use on multihomed systems, i.e. on systems that have several IP addresses). This parameter is optional. |
| GATE_OUT_INETA | IP address for output from gateway that is sent on the server side (for use on multihomed systems, i.e. on systems that have several IP addresses). This parameter is optional. |
| WTSINETAnnn | URL (IP address and port) of Load Balancing function |
| WTS_BR_PORT | Port for broadcast Load Balancing function |
| WTS_CHECK_NAME | YES/NO, optional, check name SSL/WTS |
| TIMEOUT | Timeout (value 0 up to nnn seconds of inactivity). Note: As IP is a connectionless protocol, a timeout should be set. We recommend a timeout from one hour to one day. If the value 0 is used, the connection will not be monitored. |
| MAX_SESSION | Maximum number of sessions, optional |
| CONFIG-FILE | Name of SSL configuration file. |
| CERTDB-FILE | Name of SSL certificate database file. |
| PASSWORD-FILE | Name of SSL password file (password encrypted). |
The .ini file may contain an additional section GENERAL that contains the following parameter:
LISTEN_ERROR=IGNORE/WAIT/ABEND
Example 1:
The first example shows the usage as gateway with SSL and without Load Balancing function.
[SSLGATE001]
GATEPORT=4097
SERVERINETA=hobz01f.hob.de
SERVERPORT=23
TIMEOUT=900
CONFIG-FILE=hserver.cfg
CERTDB-FILE=hserver.cdb
PASSWORD-FILE=hserver.pwd
[SSLGATE002]
GATEPORT=4098
SERVERINETA=hobz01g.hob.de
SERVERPORT=4098
TIMEOUT=900
CONFIG-FILE=hserver.cfg
CERTDB-FILE=hserver.cdb
PASSWORD-FILE=hserver.pw
[SSLGATE003]
GATEPORT=4099
SERVERINETA=hobz01h.hob.de
SERVERPORT=4099
TIMEOUT=900
CONFIG-FILE=hserver.cfg
CERTDB-FILE=hserver.cdb
PASSWORD-FILE=hserver.pwd
[SSLGATE004]
GATEPORT=4100
SERVERINETA=hobz01i.hob.de
SERVERPORT=4100
TIMEOUT=900
CONFIG-FILE=hserver.cfg
CERTDB-FILE=hserver.cdb
PASSWORD-FILE=hserver.pwd
[GENERAL]
LISTEN_ERROR=WAIT
Example 2:
The second example shows the usage as gateway with SSL and Load Balancing function. The IP addresses of the servers may also be entered numerically.
[SSLGATE001]
FUNCTION=WTSGATE
GATEPORT=4029
WTSINETA001=127.22.0.11:4300
WTSINETA002=127.22.0.11:4300
TIMEOUT=900
CONFIG-FILE=hserver.cfg
CERTDB-FILE=hserver.cdb
PASSWORD-FILE=hserver.pwd
Example 3:
The third example shows the usage as gateway with SSL and Load Balancing function. In this case the names of the servers are used instead of IP addresses.
[SSLGATE001]
FUNCTION=WTSGATE
GATEPORT=4029
WTSINETA001=hobz01f.hob.de
WTSINETA002=hobz01g.hob.de
TIMEOUT=900
CONFIG-FILE=hserver.cfg
CERTDB-FILE=hserver.cdb
PASSWORD-FILE=hserver.pwd
Example 4:
The fourth example shows the usage as gateway with SSL function on a multi-homed system (that has several IP addresses), e.g. if more than one network adapter is used.
[SSLGATE001]
GATEPORT=4097
SERVERINETA=hobz01f.hob.de
SERVERPORT=23
GATE_IN_INETA=hobz01g.hob.de
TIMEOUT=900
CONFIG-FILE=hserver.cfg
CERTDB-FILE=hserver.cdb
PASSWORD-FILE=hserver.pwd
Example 5:
This example shows the usage as gateway with SSL and Load Balancing function - broadcast.
[SSLGATE001]
FUNCTION=WTSGATE
GATEPORT=4029
WTS_BR_PORT=4300
TIMEOUT=900
CONFIG-FILE=hserver.cfg
CERTDB-FILE=hserver.cdb
PASSWORD-FILE=hserver.pwd
Example 6:
This example shows the usage as a "mixed" gateway with both functions (with and without load balancing).
[SSLGATE001]
FUNCTION=WTSGATE
GATEPORT=4029
WTSINETA001=127.22.0.11:4300
WTSINETA002=127.22.0.11:4300
TIMEOUT=900
CONFIG-FILE=hserver.cfg
CERTDB-FILE=hserver.cdb
PASSWORD-FILE=hserver.pwd
[SSLGATE002]
GATEPORT=4097
SERVERINETA=hob6000.hob.de
SERVERPORT=23
GATE_IN_INETA=hobz01g.hob.de
TIMEOUT=900
CONFIG-FILE=hserver.cfg
CERTDB-FILE=hserver.cdb
PASSWORD-FILE=hserver.pwd
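
The parameter rules and the TIMEOUT recommendation above can be checked mechanically before the gateway is started. This lint script is an added example, not part of the product; `lint_gw_ini` and `sample_ini` are hypothetical names, and which parameters it treats as mandatory is an assumption based on the examples.

```shell
#!/bin/sh
# Added example: lint an NBIPGW08 .ini file, one "section: finding" per line.
# Assumptions (not from the page): GATEPORT and the three SSL file parameters
# are mandatory; a section needs SERVERINETA and SERVERPORT or, with
# FUNCTION=WTSGATE, at least one WTSINETAnnn or WTS_BR_PORT.
lint_gw_ini() {          # $1 = .ini file, default stdin
    awk '
    function check(s,    i, n, req, t, k) {
        if (s !~ /^SSLGATE/) return
        n = split("GATEPORT CONFIG-FILE CERTDB-FILE PASSWORD-FILE", req, " ")
        for (i = 1; i <= n; i++)
            if (!((s, req[i]) in v)) print s ": missing " req[i]
        if ((s, "TIMEOUT") in v) {
            t = v[s, "TIMEOUT"] + 0
            if (t == 0) print s ": TIMEOUT=0, connection is not monitored"
            else if (t < 3600 || t > 86400)
                print s ": TIMEOUT=" t " outside recommended 3600..86400"
        }
        if (v[s, "FUNCTION"] == "WTSGATE") {
            if (!(s in wts)) print s ": WTSGATE without WTSINETAnnn or WTS_BR_PORT"
        } else if (!((s, "SERVERINETA") in v) || !((s, "SERVERPORT") in v))
            print s ": missing SERVERINETA or SERVERPORT"
        if ((s, "GATEPORT") in v) {   # same input address and port used twice
            k = v[s, "GATE_IN_INETA"] ":" v[s, "GATEPORT"]
            if (k in seen) print s ": GATEPORT " v[s, "GATEPORT"] " also used by " seen[k]
            else seen[k] = s
        }
    }
    { sub(/\r$/, "") }                       # tolerate CRLF line ends
    /^[ \t]*(;|$)/ { next }                  # comments and blank lines
    /^\[.*\]$/ { check(sec); sec = substr($0, 2, length($0) - 2); next }
    {
        eq = index($0, "="); if (!eq) next
        key = substr($0, 1, eq - 1); v[sec, key] = substr($0, eq + 1)
        if (key ~ /^WTSINETA[0-9]+$/ || key == "WTS_BR_PORT") wts[sec] = 1
    }
    END { check(sec) }
    ' "${1:--}"
}
# Constructed sample input (not a file from the page).
sample_ini() {
    printf '%s\n' '[SSLGATE001]' 'GATEPORT=4097' 'SERVERINETA=hobz01f.hob.de' \
        'SERVERPORT=23' 'TIMEOUT=900' 'CONFIG-FILE=hserver.cfg' \
        'CERTDB-FILE=hserver.cdb' 'PASSWORD-FILE=hserver.pwd' \
        '[SSLGATE002]' 'FUNCTION=WTSGATE' 'GATEPORT=4097' 'TIMEOUT=0' \
        'CONFIG-FILE=hserver.cfg' 'CERTDB-FILE=hserver.cdb'
}
sample_ini | lint_gw_ini
```

Run it against a real file with `lint_gw_ini xyz.ini`; an empty result means none of these checks fired.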