Setting Up a Rule to Allow Access through an Application Proxy

If you set up port rules to allow HTTP (port 80), FTP (port 21), Telnet (port 23), Simple Mail Transport Protocol (SMTP) (port 25), Network News Transfer Protocol (NNTP) (port 119), or RealAudio* (port 7070), they apply only if users are accessing these services through the Novell IP Gateway. When a user is accessing an application proxy, these rules are ignored. If you want similar rules to apply to users accessing these services through an application proxy, you must set up access rules for the individual application proxies.

To create an access rule for Proxy Services:

  1. In NetWare Administrator, right-click the object where the access rules are to be created and select Details.

  2. Select the Novell BorderManager 3.7 Access Rules page > click Add.

  3. In the Access Rule Definition page, specify Allow (the default).

  4. For Access Type, select Application Proxy.

  5. For Access Details, select a proxy from the Proxy drop-down menu.

    The port number information is automatically filled in for you. If you selected the News proxy, a drop-down menu is added that allows you to specify the direction: Posting or Reading.

  6. Under Source, accept Any to apply the rule to all NDS or eDirectory objects, DNS hostnames, IP addresses, and subnets. Otherwise, select users, groups, or hosts as follows:

    1. Click Specified, then click Browse.

    2. If you did not select the SMTP Mail or News proxy earlier, specify an NDS or eDirectory object, a DNS hostname, an IP address or range of addresses, or a subnet, including its subnet mask > click Add.

      For DNS hostname specifications, you can use the wildcard character (*) in your entry.

      If you selected the RealAudio, Generic TCP, Generic UDP, or Telnet proxy, you can specify an IP address or a subnet address only.

    3. If you selected the SMTP Mail proxy earlier, specify an e-mail user name or an e-mail domain name to specify all users in the domain, then click Add.

    4. If you selected the News proxy earlier and selected Posting for the direction, specify an e-mail username, then click Add.

    5. Add additional sources by repeating the steps.

    6. When you have added the sources you want, click OK.

  7. Under Destination, accept Any to apply the rule to any destination; otherwise select destinations as follows:

    1. Click Specified, then click Browse.

    2. If you did not select the SMTP Mail or News proxy earlier, specify a DNS hostname, an IP address or range of addresses, or a subnet, including its subnet mask, then click Add.

      For DNS hostname specifications, you can use the wildcard character (*) in your entry.

    3. If you selected the SMTP Mail proxy earlier, specify an e-mail username or an e-mail domain name to specify all users in the domain, then click Add.

    4. If you selected the News proxy earlier, specify a news group name, then click Add.

    5. Add additional destinations by repeating the steps.

    6. After you have added all the destinations, click OK.

      IMPORTANT:  If you create a rule that allows access to any destination whose hostname must be resolved by a DNS name server, you must create another rule that allows the Novell BorderManager 3.7 server to resolve the hostname. Refer to Setting Up a Rule to Allow the Server to Resolve Hostnames.

  8. (Optional) If you want the server to record all access attempts that match the rule, click Enable Rule Hit Logging.

    Logging access attempts can affect server performance; however, it is recommended that you do so to detect unauthorized activity.

  9. Click OK, as necessary, to return to the Novell BorderManager 3.7 Access Rules page, then click OK to update the access rules.
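
The constraints in this procedure can be checked against a planned rule list before it is entered in NetWare Administrator. The following is an added example, not Novell code: the dictionary rule format, the `dns_resolve` rule type, the `HTTP` and `FTP` proxy labels, and the sample rules are assumptions made for illustration, not a BorderManager export format.

```python
import ipaddress

# Port rules for these services apply only through the Novell IP Gateway.
# Proxy labels are this example's; match them to the Proxy drop-down menu.
PORT_TO_PROXY = {80: "HTTP", 21: "FTP", 23: "Telnet", 25: "SMTP Mail",
                 119: "News", 7070: "RealAudio"}
# Proxies whose sources may only be an IP address or a subnet address.
IP_ONLY_SOURCE = {"RealAudio", "Generic TCP", "Generic UDP", "Telnet"}

def is_address(value, allow_range=False):
    """True for an IP address or subnet (and "a-b" ranges if allowed)."""
    parts = value.split("-") if allow_range else [value]
    try:
        for part in parts:
            ipaddress.ip_network(part.strip(), strict=False)
        return True
    except ValueError:
        return False

def lint_rules(rules):
    """Return findings for a planned rule list (hypothetical dict format)."""
    findings = []
    proxied = {r["proxy"] for r in rules if r["type"] == "application_proxy"}
    has_dns_rule = any(r["type"] == "dns_resolve" for r in rules)
    for n, r in enumerate(rules, 1):
        if r["type"] == "port":
            proxy = PORT_TO_PROXY.get(r["port"])
            if proxy and proxy not in proxied:
                findings.append(f"rule {n}: port {r['port']} rule is ignored for {proxy} proxy users")
        elif r["type"] == "application_proxy":
            if r["proxy"] in IP_ONLY_SOURCE:
                findings += [f"rule {n}: source {s!r} must be an IP address or subnet"
                             for s in r["sources"] if not is_address(s)]
            names = [d for d in r["destinations"] if not is_address(d, True)]
            if names and r["proxy"] not in ("SMTP Mail", "News") and not has_dns_rule:
                findings.append(f"rule {n}: {names} need a rule letting the server resolve hostnames")
            if not r["log_hits"]:
                findings.append(f"rule {n}: rule hit logging is off")
    return findings

SAMPLE_RULES = [  # constructed plan; an empty list stands for "Any"
    {"type": "port", "port": 80},
    {"type": "port", "port": 23},
    {"type": "application_proxy", "proxy": "Telnet", "log_hits": True,
     "sources": ["10.1.0.0/255.255.0.0", "admin-pc.example.com"], "destinations": []},
    {"type": "application_proxy", "proxy": "FTP", "log_hits": False,
     "sources": [], "destinations": ["*.example.com"]},
]

if __name__ == "__main__":
    print("\n".join(lint_rules(SAMPLE_RULES)))
```

On the sample plan this reports the port 80 rule with no matching proxy rule, the hostname used as a Telnet proxy source, the wildcard hostname destination with no resolver rule, and the FTP proxy rule with logging off.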