---------------------------------------------------------------- IPX-2-IP.DOC -- 19971125 -- Email thread on IPX to IP Convertors ---------------------------------------------------------------- Feel free to add or edit this document and then email it back to faq@jelyon.com Date: Wed, 3 Jul 1996 15:09:17 -0600 From: Brian Scott Subject: Re: Netware 4.1 to the Internet >Are there any IPX to IP converters? ...copied from: http://www.access.digex.net/~bdboyle/firewall.vendor.html >>> Novix by FireFox (Novell only) IP gateway, partial solution. Brittish company,can function as a firewall for sites with Novell clients. Firefox is an NLM (Netware Loadable Module) which gateways between IPX and TCP/IP.The NLM on the server controls who can get the clients when, etc., and also limits the number of simultaneous users--a form of use-base licensing. Five users cost under $2000, with the price descending to under $300/per simultaneous user. 800 230 6090. <<< I had read about Novix before, and what it come down to is a NLM on the server to convert from IPX to IP, and a WINSOCK.DLL on the workstation. The problem that I can see is no support for anything but 16-bit windows. ------------------------------ Date: Tue, 9 Jul 1996 08:29:28 -0400 From: "David E. Berry" Subject: Re: Netware 4.1 to the Internet (no IP on workstations) >I'm in the process of gather information to connect my LAN to the internet. >We are running Netware 4.1 and 4.1 SFTIII with tokenring. We will connect >to the ISP thru a T1. I want to run Novells Web Server. I don't want to >place IP on the workstations. > >Are there any IPX to IP converters?? Inetix. We are currently running Inetix on an NT server which our netware clients access through an IPX bridge. Security is implemented at both the gateway (Inetix) level and at the router. The Inetix product, which is also available as an NLM for NetWare, simply encapsulates IP within each IPX packet. You will need to install a winsock client on every workstation, which takes approximately 1 minute per station, and then it is simply a matter of installing winsock compliant software. In our implementation, we use a router with two ethernet ports and one wide area, and then seperate the Internet server from our lan by placing the Internet box on one ethernet port and the lan on the other. The IP packets are received through the wide area port and are directed to the Internet server. Next, the Inetix client encapsulates the IP within an IPX packet and sends it out through the router, and the second ethernet port to the client. We only allow IPX to pass through the ethernet port on the lan side whereas IP and IPX may pass through the port on the side of the Internet server. With this solution, no IP may pass to the lan from the Internet, and your Internet site will appear to have only one IP address. Also, you may instruct the Inetix gateway to allow/disallow certain workstations from accessing specified IP addresses, and you may also allow/disallow IP addresses from passing through Inetix. Works great, it's fast, and client installations are quick and painless. You may visit the Inetix web site at: www.mcsdallas.com The web site also includes a white paper with additional info. ------------------------------ Date: Sun, 8 Sep 1996 22:27:57 -0600 From: "Mike Avery" To: netw4-l@bgu.edu Subject: Re: IPX to IP Gateway >>>I'm not sure I can do the IPX to IP gateway with another IP >>>stack loaded. It looks like the only viable option right now >>>is a remote control solution. >> >>No problem. The Perfomance Products (or was it Performance >>Solutions?) Instant Internet product has been used in that sort of >>situation a number of times with no real problems. The only time >>you would run into a problem is if you are trying to contact >>someone with the same subnet address as one you are supporting >>in-house. Their lead designer said that so far, with thousands of >>units in the field, that has not yet happened. Their driver and >>the IP stack negotiate which way to send the message, and away it >>goes. I suspect that the BSDI solution would do the same. > >Sounds like a Proxy server...does this do IP-to-IP or IPX-to-IP? I'm >using a protocol firewall scenerio so IP to IP isn't an option. Both BSDI and Performance Technology offer IPX to IP gateways. They aren't proxy servers as you only need a single IP address with your ISP, you users are given sockets based on that IP address. Performance Technology is a Bay Technology company, and they have a home page at http://www.instant.net/. They sell a sealed turnkey system. Bring in it, hook it up, turn it on, answer 4 questions and it's up. Add a new winsock.dll file, and your users are on the internet. Their box does caching and all sort of other neat stuff. A box with an ISDN connection can handle about 50 users.... caching helps, and your mileage may vary. With a 28.8 modem, they say about 20 users. The boxes can be connected to a T1, if you have lots of money. Also, the boxes can be piggy backed. They range from about $3,000 to $5,000 as near as I recall. BSDI is a long term Unix company (Berkely Systems Division), and they offer various flavors of Unix. They also have a similar product to Performance Technology, except they aren't integrating it. You, or your systems integrator, provide an intel based machine, install the Unix, install the IPX to IP software, and then you're up. I don't have pricing information on them, but they are morelikely to be able to be a www, ftp, and news server for you than Performance Technology. They are at http://www.bsdi.com/ However, when I tried to verify the address this evening, they were down. And there's also Quarterdeck's IWare product. A "lite" version is evidently being bundled with Green River. It looks like they have a PPP NLM in Beta, and trial versions of everything available for download at http://www.quarterdeck.com/ Another canidate is Puzzle Systems. I earlier made an unfortunate comment about them. I saw an early beta product and felt that the product had definite potential, but had been rushed into the public's eye too soon. A look at their products is also warranted. Try http://www.puzzle.com/ They offer a number of NLM based products to connect your LAN to the InterNet. Last time I looked, evaluation copies could be downloaded for a free trial. ------------------------------ Date: Mon, 09 Sep 96 10:16:46 From: rweissle@crown.com (Rich Weissler) To: netw4-l@bgu.edu Subject: Re: IPX to IP Gateway >We're considering putting up an IPX to IP gateway for our people to [work] >on the internet from their desktops. It's either this or some sort of >Cubix/Citrix box, which would allow them to remotely control an IP >enabled workstation/session via IPX on our perimeter network. > >Anyone have any experience with these? I know the Novell, Cisco & a couple >of others have them but I haven't heard any real life stories. > >Are they reliable? Fast enough to keep up with a T1 connection? And most >of all can they be cracked? I'm doing this very thing right now, and evaluating software... But I decided to use an NT server on my Novell network to handle gateway functions 'cause I didn't want to put any more on the Netware Server. Anyway, I found a wonderful reference when I started this project: "Netware to Internet Gateways" by James E. Gaskin Prentice Hall PTR (Upper Saddle River, NJ 07458), 1996 Prentice Hall contact: (800)382-3419 corpsales@prenhall.com ISBN: 0-13-521774-1 (and includes evaluation software of many of the gateways on CD. Many of the evaluation copies are slightly out of date now, but the book includes the ftp/www sites to download the new stuff.) I don't have any relationship to the author or publisher, but found the book to be very helpful. It assumes knowledge of networking, but works through most of the issues concerned with installing this sort of system. (Oh, and I'll be using a 56K line for outbound access - up to ten users at a time, while sharing the line for our www server... I won't know till we get a load on the line whether we will have to upgrade the line.) ------------------------------ Date: Mon, 21 Oct 1996 08:53:02 +0200 From: Henno Keers Subject: Re: IP tunnel / IPX WAN links >In the opinion of people in this list, what is the preferred method of >interconnecting remote servers? At the moment, we have an all-bridged >network, but are planning to go to a routed one later in the year (after >the switched hubs). I would route IPX instead of IP, see arguments below: >What are the advantages/disadvantages of using IP tunneling? Advantage: - Easy on TCP/IP orientated network managers - Only one type of configuration on your routers Disadvantage: - You cannot control IPX traffic like RIP/SAP since they are wrapped in IP packets. >What are the advantages/disadvantages of using IPX over WAN links? Advantage: - Tight control of traffic over WAN links - You must have a properly defined IPX naming and numbering standard Disadavantage: - More complicated router configurations - You must have a properly defined IPX naming and numbering standard >(assuming the bridges will bridge IPX) A bridge is a MAC level device, it does not see the difference between IP or IPX, hence they are far less suitable on WAN links. ------------------------------ Date: Tue, 25 Nov 1997 22:09:15 -0500 From: Jerry Shenk Subject: Re: Netware IP question >I have NW4.1 and Unix bi-di print services. > >Is Netware IP already included on the server s/w? I want to change our >entire system to IP and have offsite users log in through a unix box. The 'Netware IP' that is currently available is basically tunneling IPX through IP. Netware uses IPX at the core. If you switch to tunneled IPX, you will see a substantial performance decrease. If this is a big deal to you, you may want to investigate Moab - that will be the first version of Netware to separate IPX from the core. I'd wait for that. ------------------------------