Compaq AA-Q88CE-TE Network Router User Manual


 
Starting and Setting Up RTR
2.9 Network Transports
2.9.2 Using RTR with DHCP and Internet Tunnels
When using RTR with DHCP or an Internet tunnel, a nodename may not be fully
known; special naming techniques are provided for these conditions.
Anonymous Clients
RTR allows the use of wild cards when specifying the frontends that a router
is permitted to accept connections from (that is, in the facility definition on the
router). Valid wild card characters are "*", "%" and "?". The result of using a wild
card character at facility configuration time is the creation of a template link.
When operating RTR in conjunction with the Compaq Internet Personal Tunnel,
a client system outside of the corporate firewall uses tunnel software to obtain
a secure channel from the Internet to inside the corporate domain. The tunnel
client is assigned an address by the tunnel server from a pool when the tunnel
software starts up.
When an RTR router receives a connection request from RTR running on this
client, the source of the address is the address assigned by the tunnel server.
There is no longer a fixed relationship between the client and its address. The
method of configuring the router to accept such a connection is to define the
frontend nodes with all the possible addresses that the tunnel server can assign
to tunnel clients; you can do this with wildcards. For example,
RTR> create facility . . ./frontend=*.pool.places.dec.com
This command enables all nodes connecting through the tunnel to connect as
frontends. The anonymous client feature may also be used with frontends that
are using DHCP for TCP/IP address assignment.
Using the Tunnel Prefix
By using the node name prefix "tunnel.", it is possible to configure RTR to accept
a network connection from a particular remote node even if it is connecting via an
Internet tunnel using an unknown pseudoadapter address. This method allows
stricter access control than the anonymous client feature where wild cards may
be used when specifying a remote node name. For example, on the router node
behind a firewall, the facility definition could include:
RTR> create facility . . ./router=router.rtr.dec.com -
/frontend=tunnel.client.rtr.dec.com
The definition on the frontend could be
RTR> create facility /router=router.rtr.dec.com -
/frontend=client.rtr.dec.com
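As an added example (not from the manual or from RTR itself), the following Python script reviews saved create facility commands and labels each /frontend value as a wild card template, a tunnel-prefixed node, or a fixed node name, so that anonymous-client definitions stand out during an access review. The function names are hypothetical, and it assumes the commands are kept in a text file with the trailing "-" continuation used in the examples above.

```python
import re

WILDCARDS = set("*%?")      # wild card characters the manual lists as valid
TUNNEL_PREFIX = "tunnel."   # node name prefix from "Using the Tunnel Prefix"

# Constructed sample: the three commands shown in this section, as they might
# appear in a saved command file (the ". . ." elisions are kept as printed).
SAMPLE = """\
RTR> create facility . . ./frontend=*.pool.places.dec.com
RTR> create facility . . ./router=router.rtr.dec.com -
/frontend=tunnel.client.rtr.dec.com
RTR> create facility /router=router.rtr.dec.com -
/frontend=client.rtr.dec.com
"""

def join_commands(text):
    """Strip the RTR> prompt and merge lines continued with a trailing '-'."""
    commands, pending = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("RTR>"):
            line = line[len("RTR>"):].strip()
        if line.endswith("-"):
            pending += line[:-1].rstrip() + " "
        elif line or pending:
            commands.append((pending + line).strip())
            pending = ""
    if pending.strip():
        commands.append(pending.strip())
    return commands

def classify(spec):
    """Return how one /frontend node specification admits connections."""
    if WILDCARDS & set(spec):
        return "template"   # anonymous clients: any matching node may connect
    if spec.lower().startswith(TUNNEL_PREFIX):
        return "tunnel"     # one named node arriving through a tunnel
    return "fixed"          # one named node

def literal_labels(spec):
    """Count dot-separated labels with no wild card; 0 means nothing is pinned."""
    return sum(1 for part in spec.split(".") if part and not WILDCARDS & set(part))

def audit(text):
    """List (spec, kind, literal label count) for every /frontend qualifier."""
    return [(spec, classify(spec), literal_labels(spec))
            for command in join_commands(text)
            for spec in re.findall(r"/frontend=([^\s/]+)", command, flags=re.I)]
```

A template entry with few literal labels admits the widest set of node names and is the first candidate for replacement by a tunnel-prefixed definition.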
Troubleshooting Tunnel and Wildcard Connections
To assist in diagnosing connect acceptance problems, use the monitor picture
ACCFAIL. This picture displays the recent history of those links from which the
local node has refused to accept connections. It displays the failed link name
as provided by the network transport, and can assist in rapidly identifying any
problems.
TCP Services File
RTR uses the TCP/IP port number 46000 for the network communication
daemon rtr rtrd.
On UNIX platforms, you should edit the file /etc/services to add the line
rtracp 46000/tcp