To start SAProuter: from the UNIX prompt, enter saprouter -r.
This command starts SAProuter and loads the file saprouttab (router permission table), which defines access control. If this file does not exist, you need to create it.
A route permission table must be used as of version 25 of the SAProuter.
You can start SAProuter automatically when you start the system. In UNIX, for example, change your file /etc/rc accordingly.
The main SAProuter commands are:
Before you work with SAProuter, you should check for any network problems.
You will need the programs saprouter and niping, and three open windows (shells) on one or more computers.
A list is displayed with function names, parameters and return codes.
The following message appears if the self-test is successful: "*** SELFTEST O.K. ***"
You set passwords and access permissions for your system in user-defined files known as route permission tables. You use a standard text editor to create a route permission table.
You can allow access to and from specified application servers in your LAN via your SAProuter. You can also password protect the routes you define. To do this, you must create and configure a separate route permission table for each SAProuter in your network.
A route permission table contains the host names and port numbers of the preceding and subsequent point of the route, and any passwords required to make the connection.
Entries in a route permission table look like this:
< P/D> <source-host> <dest-host> <dest-serv> <password>
Here, <source-host> and <dest-host> could be SAProuters.
P(ermit) allows SAProuter to build the connection. P(ermit) entries can include a password. SAProuter checks that this password matches the password sent by the client.
D(eny) prevents the connection from being built.
You can also include comment lines, which must begin with ‘#'.
If a client of <source-host> wants to connect with <dest-host> <dest-serv> via a SAProuter, the SAProuter checks its route permission before making the connection. If the password and route that SAProuter receives are identical to the entries in the route permission table, SAProuter will make the connection. If the passwords are not identical, SAProuter will not make the connection.
If no route permission table was assigned explicitly to the SAProuter, ./saprouttab is used. If this file is not available, connections are made without a check, that is, all connections are allowed.
You can include wildcards ("*") in hosts, ports and passwords.
You can include subnetworks in host routes.
|156.56.*.*||all host addresses beginning with 156.56
|133.27.17.*||all host addresses beginning with 133.27.17
|156.56.1011xxxx||all host addresses from 156.56.176.* to 156.56.191.*.
(This is a binary interpretation of the third byte of the address. ‘x' is a binary wildcard.)
You can display a sample route permission table on your screen. To do this, call the SAProuter online help: saprouter.
If there are several suitable entries, the first one is selected. This is important for the sequence of the permit/deny rules.
You can display a list of all currently active clients in an active SAProuter.
To get a list of the clients for an active SAProuter:
Enter the command: saprouter -l -H host -P password.
If required, you can define a password in the route permission table. If no host name is specified, the program will connect via localhost to the SAProuter on the same host. If the query does not come from the same host, the SAProuter checks whether its route permission table allows the combination: <other_host> localhost <router_service>. This entry can also include a password. The password is checked against the information password sent by the calling program. The host name can also contain a route.
When you start your SAProuter, you can enter a route permission table differing from the default setting "saprouttab" using the option -R: saprouter -r -R aclfile (aclfile is the name of the file contained in the route permission table). This is helpful when you need multiple route permission profiles.
When you start your SAProuter, you can change the default timeout setting of five seconds for the connection setup using the option -W: saprouter -r -W timeout (timeout is the new timeout in milliseconds). Use this option if you have problems with dynamically established connections via ISDN or network providers.