(Category) (Category) NetMAXFAQ :
New / Updated / Top 10 FAQs
The newest and most used FAQ articles
Subcategories:
(Category) Top 10 FAQs
(Category) Newest FAQs

Answers in this category:

(Category) (Category) NetMAXFAQ : (Category) New / Updated / Top 10 FAQs :
Top 10 FAQs
The 10 most used FAQ articles.

Answers in this category:
(Answer) Are entries in my commit.conf file protected during an upgrade?
(Answer) Why am I having a problem when FTPing through my NetMAX FireWall?
(Answer) When I try to setup multiple web sites, get "The IP for this host name is already used in an IP based Virtual Host".
(Answer) How do I setup multiple web sites on my NetMAX WebServer Product?
(Answer) Does NetMAX support hardware level RAID?
(Answer) Why do my Windows users get "invalid password" errors when attempting to fileshare?
(Answer) I have more than one NIC in my NetMAX machine, how do I enable routing between them?
(Answer) Troubleshooting VPN client connections
(Answer) When I connect via HTTPS with MSIE, I get various I/O errors. What is the reason?
(Answer) How do I upgrade 3.x versions of discontinued products, to version 4.0x?

Are entries in my commit.conf file protected during an upgrade?
Applies to NetMAX FreeBSD Bld475
           NetMAX Linux   2.0.37
Any commit.conf entries and the commit.conf file itself should be backed up before an upgrade. Although entries in your commit.conf file are normally protected during the commit phase of an upgrade, they will NOT be protected during the extraction phase, and depending on the version you are upgrading from, your commit.conf file may be overwritten.
Why am I having a problem when FTPing through my NetMAX FireWall?
Applies to: All Linux versions of NetMAX FireWall/Professional
This article is not meant to be an all-inclusive explanation of the FTP protocol as covered in RFC 959; rather, it is a general document explaining the typical use of FTP.

Active FTP

A normal (active) FTP session typically starts with an FTP client initiating the control connection from a high numbered port to TCP port 21 of the FTP server.

All commands and replies are sent over this control connection.

When a file is requested, the FTP server initiates a data connection from the adjacent port (its default data port, TCP port 20) to the FTP client on the data port.

By default, the data port of the FTP client is the same high numbered port that the control connection originated from.

This data connection is used for transferring files, which includes sending directory listings in ASCII.

So, before sending a request for a file transfer, the FTP client starts listening on this port for the data connection.

                ------------                -------------
                |          |  FTP Commands  |           |
                |   FTP    | -------------> |    FTP    |
                |  CLIENT  |   FTP Replies  |  SERVER   |
                |          |                |           |
                |          |      Data      |           |
                |          | <------------- |           |
                |          |   Connection   |           |
                ------------                -------------

Upon file transfer completion the data connection closes, and a new one is created for every additional file transfer.

The FTP client can tell the FTP server to connect to a data port other than the default port by issuing a PORT command. Many FTP clients nowadays issue a PORT command automatically because they want to specify which port the data connection should go to.

Passive FTP

In passive mode FTP, the FTP client sends the PASV command, which tells the FTP server to listen for a data connection instead of initiating one. The PASV command also asks the FTP server to specify a data port other than its default one, which the server names in its reply.

So if the PASV command is used, the data connection can be initiated from a different high numbered port on the FTP client to a different high numbered port on the FTP server.

                ------------                -------------
                |          |  FTP Commands  |           |
                |   FTP    | -------------> |    FTP    |
                |  CLIENT  |   FTP Replies  |  SERVER   |
                |          |                |           |
                |          |      Data      |           |
                |          | -------------> |           |
                |          |   Connection   |           |
                ------------                -------------

FTP Clients behind the firewall.

So, when using a packet filtering firewall (such as NetMAX FireWall), the following rules must be added to allow FTP clients behind the firewall to access FTP servers on the external network (Internet):

Action  Type  From Address  Mask  Port        To Address  Mask  Port        Direction  SYN  Notes
accept  tcp   Network IP          1025-65535  any               21          output          Allow control traffic/connection out
accept  tcp   Network IP          1025-65535  any               20          output          Allow data traffic out
deny    tcp   any                 21          Network IP        1025-65535  input      Y    Block incoming connections with control source port
accept  tcp   any                 21          Network IP        1025-65535  input           Allow control traffic in
deny    tcp   any                             Network IP        6000-6009   input           Protect Xwindows ports
accept  tcp   any                 20          Network IP        1025-65535  input           Allow data traffic in
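
How the six active-mode rules above decide individual packets, as an added example (not NetMAX code). It assumes first-match evaluation in table order with a default of deny, and uses 192.168.1.0/24 as a placeholder for "Network IP"; every packet is constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")   # assumption: placeholder for "Network IP"
HIGH = (1025, 65535)
ANY = (0, 65535)                     # a blank Port cell in the table

# Constructed sample hosts (documentation address ranges).
CLIENT, SERVER, OTHER = "192.168.1.10", "203.0.113.5", "198.51.100.9"


@dataclass(frozen=True)
class Packet:
    direction: str   # "input" or "output", as in the Direction column
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool        # True only for a connection-opening segment


@dataclass(frozen=True)
class Rule:
    action: str
    from_lan: bool   # True: "Network IP", False: "any"
    sports: tuple
    to_lan: bool
    dports: tuple
    direction: str
    syn_only: bool   # "Y" in the SYN column

    def matches(self, p: Packet) -> bool:
        return (
            p.direction == self.direction
            and (not self.from_lan or ip_address(p.src) in LAN)
            and (not self.to_lan or ip_address(p.dst) in LAN)
            and self.sports[0] <= p.sport <= self.sports[1]
            and self.dports[0] <= p.dport <= self.dports[1]
            and (p.syn or not self.syn_only)
        )


# The rows of the active-mode client table, in the order given.
ACTIVE_CLIENT_RULES = [
    Rule("accept", True, HIGH, False, (21, 21), "output", False),     # 1 control out
    Rule("accept", True, HIGH, False, (20, 20), "output", False),     # 2 data out
    Rule("deny", False, (21, 21), True, HIGH, "input", True),         # 3 SYN from port 21
    Rule("accept", False, (21, 21), True, HIGH, "input", False),      # 4 control in
    Rule("deny", False, ANY, True, (6000, 6009), "input", False),     # 5 X ports
    Rule("accept", False, (20, 20), True, HIGH, "input", False),      # 6 data in
]


def verdict(packet, rules=ACTIVE_CLIENT_RULES, default="deny"):
    """Return (action, rule number) of the first matching rule, else (default, None)."""
    for number, rule in enumerate(rules, start=1):
        if rule.matches(packet):
            return rule.action, number
    return default, None


def demo():
    cases = {
        "client opens control connection": Packet("output", CLIENT, 40000, SERVER, 21, True),
        "server reply on control connection": Packet("input", SERVER, 21, CLIENT, 40000, False),
        "SYN arriving from source port 21": Packet("input", SERVER, 21, CLIENT, 40000, True),
        "server opens data connection": Packet("input", SERVER, 20, CLIENT, 40000, True),
        "SYN from port 20 to an X port": Packet("input", SERVER, 20, CLIENT, 6001, True),
        "SYN from an unrelated source port": Packet("input", OTHER, 4444, CLIENT, 40000, True),
        # Rule 6 keys on source port 20 only, so it cannot tell the FTP server's
        # data connection from any other inbound SYN sent from port 20.
        "SYN from port 20 of another host": Packet("input", OTHER, 20, CLIENT, 40000, True),
    }
    return {name: verdict(p) for name, p in cases.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:38} -> {result}")
```

Swapping rules 3 and 4 would let the SYN from source port 21 through, which is why the deny row has to come first.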

If using passive mode (which is more secure), you would need the following rules:

Action  Type  From Address  Mask  Port        To Address  Mask  Port        Direction  SYN  Notes
accept  tcp   Network IP          1025-65535  any               21          output          Allow control traffic out
accept  tcp   Network IP          1025-65535  any               1025-65535  output          Allow data traffic/connection out
deny    tcp   any                             Network IP        1025-65535  input      Y    Block incoming connections
accept  tcp   any                 1025-65535  Network IP        1025-65535  input           Allow control/data traffic in

We assume here that you have more than one FTP client behind your firewall. If you only have one, you can specify an IP address instead of using "Network IP" (for additional security).

Of course, when you're doing IP NAT (Network Address Translation) on your NetMAX FireWall, it's a completely different story. If your FTP client is behind the NAT, you need to use passive mode FTP, because you can't realistically set up a port forwarding rule to allow the FTP server to make the data connection in through the NAT to an unknown high numbered port.

And even if you're doing passive mode FTP, you'll have to keep your FTP transfers short. IP masquerading connections time out after 15 minutes by default if there is no activity on them, so the control connection will time out before the data connection has finished transferring the file, which will effectively kill your transfer.

So, if you keep your FTP transfers under 15 minutes and use passive mode, you should be able to use the following rules to allow FTP through your NAT and packet filtered firewall.

Action  Type  From Address  Mask  Port        To Address  Mask  Port        Direction  SYN  Notes
accept  tcp   Network IP          1025-65535  any               21          output          Allow control traffic out
accept  tcp   Network IP          1025-65535  any               1025-65535  output          Allow data traffic/connection out
deny    tcp   any                             Network IP        1025-65535  input      Y    Block incoming connections
accept  tcp   any                 1025-65535  Network IP        1025-65535  input           Allow control/data traffic in

FTP Server behind the firewall.

If you have your FTP server behind a packet filtering firewall (such as NetMAX FireWall), you will need the following rules to allow ftp transfers through the firewall:

Action  Type  From Address  Mask  Port        To Address  Mask  Port        Direction  SYN  Notes
accept  tcp   Network IP          21          any               1025-65535  output          Allow control traffic out
accept  tcp   Network IP          20          any               1025-65535  output          Allow data traffic out
accept  tcp   any                 1025-65535  Network IP        21          input           Allow control traffic/connection in
deny    tcp   any                             Network IP        20          input      Y    Block incoming connections to data port
accept  tcp   any                 1025-65535  Network IP        20          input           Allow data traffic in

To allow for passive mode FTP, you would also need the following rules (which are not recommended, because they open up your firewall for access to high numbered ports):

Action  Type  From Address  Mask  Port        To Address  Mask  Port        Direction  SYN  Notes
accept  tcp   Network IP          1025-65535  any               1025-65535  output          Allow data traffic out
deny    tcp   any                             Network IP        6000-6009   input           Protect Xwindows ports
accept  tcp   any                 1025-65535  Network IP        1025-65535  input           Allow data traffic/connection in

We assume here that you have more than one FTP server behind your firewall. If you only have one, you can specify the IP address, instead of using "Network IP" (for additional security).

Of course, when you're doing IP NAT (Network Address Translation) on your NetMAX FireWall, it's a completely different story. If your FTP server is behind the NAT, you need to use normal (active) mode FTP, because you can't realistically set up a port forwarding rule to allow the FTP client to make the data connection in through the NAT to an unknown high numbered port. You also need to set up port forwarding (Traffic Rerouting on your NetMAX FireWall Suite) to forward TCP port 21 to your FTP server.

And even if you're doing normal mode FTP, you'll have to keep your FTP transfers short. IP masquerading connections time out after 15 minutes by default if there is no activity on them, so the control connection will time out before the data connection has finished transferring the file, which will effectively kill your transfer.

Adjusting the TCP timeout for your NAT:

One way to help the situation when doing FTP through a NAT is to optimize the timeouts of your IP masquerading.

From the command line, you can type the following:

ipchains -M -S 7200 10 160

Where 7200 is the number of seconds (120 minutes) for the TCP timeout, 10 is the number of seconds for the TCP timeout (after receiving a FIN), and 160 is the number of seconds for the UDP timeout.

Also, you can enable hash marks in your FTP client, if it supports it.

ip_masq_ftp Kernel Module:

L2.2Pv3.x of the NetMAX FireWall comes with the ip_masq_ftp kernel module installed, which "fixes" the problems with having an FTP client behind an IP NAT. This module is a workaround for the limitations of IP NAT and FTP.

  • It checks incoming packets for replies to outgoing PASV commands. If it sees one, it sets up a new masquerade entry for the outgoing data connection rather than letting the normal ip_masq logic set up the entry when the first data packet is sent. It does this just so it can set a special pointer in the data connection entry pointing at the control connection entry. The ip_masq code uses this pointer to reset the timeout for the control connection when there is activity on the data connection. This prevents the control connection from being deleted during a long data transfer.
  • It checks outgoing packets for PORT commands, which mean the masqueraded client is telling the external server to open a data connection. If it sees one, it sets up a new masquerade entry as if the connection were being opened from the masq side, and re-writes the PORT command packet to specify the masq box's IP address and the selected masq port number. That way the incoming data packet will look like a reply to a previous outgoing packet, and the ip_masq code will know what to do with it. And of course the new entry for the data connection is linked to the control connection so it will be kept alive.

Limitations of ip_masq_ftp:

  • Your FTP client can't use the default data port, but must instead use the PORT command to specify a different data port when doing active mode FTP.
  • Only works when connecting to FTP servers on the standard port 21.
  • It is not orthogonal, so it only helps if the FTP client is behind the NAT, and not if the FTP server is behind the NAT.
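
The two checks and the port 21 limitation described above, modelled in user space as an added example; this is not the ip_masq_ftp source. The class and method names, the addresses and the 61000 starting port are assumptions, and the check that a PORT command names the client's own address is an addition of this example.

```python
import re

# h1,h2,h3,h4,p1,p2 as used by the PORT command and the 227 reply (RFC 959).
HOSTPORT = r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
PORT_RE = re.compile(r"^PORT " + HOSTPORT + r"\r\n$")
PASV_RE = re.compile(r"^227 [^\r\n]*?" + HOSTPORT)


def decode_hostport(fields):
    """Return ("h1.h2.h3.h4", p1*256 + p2), or None if any field exceeds 255."""
    nums = [int(f) for f in fields]
    if max(nums) > 255:
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def encode_hostport(ip, port):
    return ",".join(ip.split(".") + [str(port >> 8), str(port & 0xFF)])


class FtpMasqHelper:
    TIMEOUT = 15 * 60   # seconds: the default idle timeout quoted on the page

    def __init__(self, masq_ip, first_masq_port=61000):   # port pool start: assumption
        self.masq_ip = masq_ip
        self.next_port = first_masq_port
        self.expiry = {}      # control key (client_ip, client_port) -> expiry time
        self.inspected = set()  # control connections whose payload is examined
        self.links = {}       # data key -> control key whose timer it refreshes
        self.forward = {}     # masq port -> (client_ip, client_data_port)

    def open_control(self, client, server_port, now):
        self.expiry[client] = now + self.TIMEOUT
        if server_port == 21:   # limitation: only the standard port is inspected
            self.inspected.add(client)

    def outbound(self, client, payload):
        """Rewrite a PORT command to the masq address; pass anything else unchanged."""
        m = PORT_RE.match(payload)
        target = decode_hostport(m.groups()) if m else None
        # Added check (this example only): PORT must name the client's own address.
        if client not in self.inspected or target is None or target[0] != client[0]:
            return payload
        masq_port, self.next_port = self.next_port, self.next_port + 1
        self.forward[masq_port] = target
        self.links[("port", masq_port)] = client
        return "PORT " + encode_hostport(self.masq_ip, masq_port) + "\r\n"

    def inbound(self, client, payload):
        """Link the data connection announced by a 227 reply to its control entry."""
        m = PASV_RE.match(payload)
        server = decode_hostport(m.groups()) if m else None
        if client in self.inspected and server is not None:
            self.links[("pasv",) + server] = client
            return server
        return None

    def data_activity(self, data_key, now):
        """Traffic on a linked data connection resets the control timeout."""
        control = self.links.get(data_key)
        if control in self.expiry:
            self.expiry[control] = now + self.TIMEOUT

    def alive(self, client, now):
        return self.expiry.get(client, 0) > now


def demo():
    nat = FtpMasqHelper("203.0.113.1")             # constructed addresses throughout
    a, b = ("192.168.1.10", 40000), ("192.168.1.11", 40001)
    nat.open_control(a, 21, now=0)
    nat.open_control(b, 2121, now=0)               # non-standard port: not inspected
    rewritten = nat.outbound(a, "PORT 192,168,1,10,4,1\r\n")
    untouched = nat.outbound(b, "PORT 192,168,1,11,4,1\r\n")
    pasv = nat.inbound(a, "227 Entering Passive Mode (198,51,100,7,195,80)\r\n")
    nat.data_activity(("port", 61000), now=840)    # data still flowing at 14 minutes
    return rewritten, untouched, pasv, nat.alive(a, 1000), nat.alive(b, 1000)


if __name__ == "__main__":
    print(demo())
```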

Notes:

The firewall rules in this article are not the only ones that will work, but they are very restrictive rules that you can use that will still allow the proper traffic to pass through.

If you want to connect to an FTP site by its domain name instead of by its IP address, you may also need to open up DNS ports. This article is not intended to cover DNS.

The ip_masq_ftp kernel module comes with the L2.2Pv2.2 product as well, but is not installed by default. To install it, you need to edit the /etc/rc.d/rc.sysinit file, and add the following lines above the other modprobe commands:

# Insert ip_masq_ftp so that passive mode for a ftp client is not needed.
modprobe ip_masq_ftp

So your rc.sysinit file should now look like this:

<--SNIP-->
        fi
fi

# Insert ip_masq_ftp so that passive mode for a ftp client is not needed.
modprobe ip_masq_ftp

# Probe for a IBMPC parallel port
modprobe parport_pc 2>/dev/null
modprobe lp 2>/dev/null

<--SNIP-->

Sources:

ip_masq_ftp Release Notes, RFC 959

When I try to setup multiple web sites, get "The IP for this host name is already used in an IP based Virtual Host".
In NetMAX Internet Server Suite/ProSuite, you have two Web Site Host Methods:

  1. IP Based Web Hosting
  2. Name Based Web Hosting

You cannot have a combination of the two on the same IP.

You probably already have a web site set up as IP based.

All you need to do is edit the "Web Site Host Method" for the site, and change it from IP to Name, and then you can create additional Name based web sites on the same IP.

How do I setup multiple web sites on my NetMAX WebServer Product?
Applies to: All NetMAX WebServer Products

IP Based virtual hosting

Important Note: RH52Pv2.0 and L22Pv2.x only support IP based virtual hosting. This means that each web site (domain name) has to have its own IP address.

To add multiple IPs and set up web sites for them, please do the following:

  1. Add additional IP addresses to your network adapter from Home|Network|Interfaces click on the pencil next to your network adapter, add additional IP addresses, STORE, and COMMIT your changes.
  2. Add the additional domain names from Home|Network|Domains. You need to at least enter the Domain Name and Primary IP Address for the domain. You can click on the "?" for help on filling this form out. After you add all of the domains, click on STORE, and COMMIT your changes.
  3. Add host names for the additional domain names from Home|Network|Naming. You'll probably want to add names like www.domainname.com for each IP address. After you add all of the host names, click on STORE, and COMMIT your changes.
  4. From Home|Services|WWW you should be able to click on the WEB SITES tab and add a web site for each www.domainname.com that you set up in step 3. Make sure and specify a different "Path" for each one. You'll probably want to put all of the paths parallel to each other.

         |--- /log       |--- /PublicFTP           |--- /domainname1
    /var |--- /mnt ------|--- /System ---|--- /Web |--- /domainname2
         |--- /preserve  |--- /Web                 |--- /domainname3
    

    If you have L22Pv3.x, you'll want to select "IP" for "Web Site Host Method".

    When you're done adding your web sites, click on STORE, and COMMIT your changes.

  5. You'll probably want to setup a username for the webmaster of each domain name and set their home directory to be the "Path" to the web site. That way each user can ftp/telnet in and edit the documents that they're responsible for.
  6. If you are using the mail server on your NetMAX and have both domain names (and their MX record) pointing to the NetMAX then each user (Home|Users|Users) will actually be able to receive email at any of the domain names associated with the NetMAX machine.

    So the user john would receive email at john@domainname1.com and/or john@domainname2.com. It would be up to john on which domain of the two he wanted to have people send his email to. He could use both if he wanted.

    You will need to make sure that the check box for "Include all domains for this NetMAX" is checked under the ROUTE tab from Home|Services|Mail if you don't want to have to send your mail to john@www.domainname1.com. You can click on the "?" for help when in that area for more information.

    In RH52Pv2.0 and L22Pv2.x, you can only set up email aliases for the primary domain name. In L22Pv3.x, you can set up virtual email aliases for each separate domain name.

Name Based Virtual Hosting

Important Note: L22Pv3.x supports both IP based, and name based virtual hosting. This means that each web site (domain name) does not need to have its own IP address, because multiple web sites can be hosted on each IP address.

To add multiple IPs and set up web sites for them, please do the following:

  1. When setting up your first web site under Home|Services|WWW, you will want to select "Name" for the "Web Site Host Method", if you are going to do name based virtual hosting.
  2. To add additional web sites, you'll need to add the additional domain names from Home|Network|Domains. You need to at least enter the Domain Name and Primary IP Address for the domain. You can click on the "?" for help on filling this form out. After you add all of the domains, click on STORE, and COMMIT your changes.
  3. Add host names for the additional domain names from Home|Network|Naming. You'll probably want to add names like www.domainname.com for each IP address. After you add all of the host names, click on STORE, and COMMIT your changes.
  4. From Home|Services|WWW you should be able to click on the WEB SITES tab and add a web site for each www.domainname.com that you set up in step 3. Make sure and specify a different "Path" for each one. You'll probably want to put all of the paths parallel to each other.

         |--- /log       |--- /PublicFTP           |--- /domainname1
    /var |--- /mnt ------|--- /System ---|--- /Web |--- /domainname2
         |--- /preserve  |--- /Web                 |--- /domainname3
    

    Ensure that you select "Name" for the "Web Site Host Method."

    When you're done adding your web sites, click on STORE, and COMMIT your changes.

  5. You'll probably want to setup a username for the webmaster of each domain name and set their home directory to be the "Path" to the web site. That way each user can ftp/telnet in and edit the documents that they're responsible for.
  6. If you are using the mail server on your NetMAX and have both domain names (and their MX record) pointing to the NetMAX then each user (Home|Users|Users) will actually be able to receive email at any of the domain names associated with the NetMAX machine.

    So the user john would receive email at john@domainname1.com and/or john@domainname2.com. It would be up to john on which domain of the two he wanted to have people send his email to. He could use both if he wanted.

    You will need to make sure that the check box for "Include all domains for this NetMAX" is checked under the ROUTE tab from Home|Services|Mail, if you don't want to have to send your mail to john@www.domainname1.com. In L22Pv3.1, this check box is called "Consider all mail local for this domain" and is located under the MAIL tab in Home|Network|Domains. You can click on the "?" for help when in that area for more information.

    Virtual email aliases can be created for each domain name available on the NetMAX.


Does NetMAX support hardware level RAID?
Applies to: All Linux NetMAX versions
The current version of NetMAX doesn't contain any of the drivers or utilities that will allow you to manage a hardware level RAID.

NetMAX can be installed on a hardware level RAID if:

  1. The hardware level RAID is transparent to the OS (operating system).
  2. The RAID controller appears to the OS as one of the supported SCSI cards.
  3. The RAID controller shows the system drives to the OS with the standard sdX naming scheme.

Most hardware level RAID systems come with a DOS bootable floppy that you use to manage the hardware level RAID, and then you install the OS on the "system" drives that you have created.

It is probably much easier to install NetMAX on a supported SCSI adapter, install the SCSI drivers (and management software if available) for your RAID adapter, and then mount and use the RAID as additional filespace/volumes.

For more information regarding hardware RAIDs please see this article.

Why do my Windows users get "invalid password" errors when attempting to fileshare?
Unless the administrator of the NetMAX server has manually modified the contents of the
Samba configuration files (located in /var/conf/samba,) the only reason for this error is
a mismatched password or username.

The user name and password must be the same on both the Windows machine and the NetMAX machine
to access the NetMAX from a Windows machine's Network Neighborhood.

NOTE: Another possible cause for this message is that the Windows machine may not be
encrypting passwords by default.

Experienced system administrators can try the following tasks to fix this situation.

Note, however, that modifications to the System Registry can cause Windows machines
to become inoperable if a mistake is made.

Anyone not familiar with editing the Windows Registry should not edit the Registry.

If you aren't scared off yet, do the following:

To verify this setting, access Start->Run on the Windows machine.
Enter regedit in the dialog box and press Enter.

For Win95 or Win98:

    Access HKEY_LOCAL_MACHINE->System->CurrentControlSet->Services->VxD->VNETSUP
    in the left pane.

   Create a "dword" in the right pane called "EnablePlainTextPassword".

   Assign a value of "0" to the "EnablePlainTextPassword" key.

Close regedit and reboot the Windows machine.

For Windows 2000

Access HKEY_LOCAL_MACHINE->SYSTEM->CurrentControlSet->Services->LanmanWorkStation->Parameters
in the left pane.

   Create a "dword" in the right pane called "EnablePlainTextPassword".

   Assign a value of "0" to the "EnablePlainTextPassword" key.

Close regedit and reboot the Windows machine.

I have more than one NIC in my NetMAX machine, how do I enable routing between them?
Applies to: NetMAX Fire Wall and Professional L2.2Pv2.1 & L2.2Pv3.x

L2.2Pv2.1

There is a problem with NetMAX Fire Wall/Professional version L2.2Pv2.1 where routing between networks is disabled by default, not allowing NetMAX to act as a router.

To enable routing (if your route table allows it), type the following command at the command line:

echo 1 > /proc/sys/net/ipv4/ip_forward

You can also ensure that this is enabled whenever your NetMAX machine is rebooted by adding this command to your /etc/start_if.generic file. Make sure that you enter the command below the line containing the command "/usr/netmax/etc/rc.d/natd.sh restart". Routing will then be enabled whenever you reboot the NetMAX server. This problem only applies to NetMAX L22Pv2.1 and can also be resolved by installing the L22Pv2.2 upgrade, which is available at http://www.netmax.com/support/downloads.html

L2.2Pv3.x

In the interest of security, NetMAX FireWall/Professional version L2.2Pv3.x only forwards traffic between "known" network interfaces (by default). This means that routing between all network interfaces will work fine; however, traffic with a source or destination address not on any of those known networks will not be forwarded (routed). This means that if you are using your NetMAX as a gateway to the Internet, more than likely you will be able to route traffic from your internal network to your ISP's network, but not past your ISP's network.

Although this is intended, it was not documented in the manual.

The easy way to do this is to change your default forward policy to accept, which will allow all traffic (traffic with a source or destination address on other networks) to use your router. To do so, issue the following commands from the command line, logged in as root:

echo /sbin/ipchains -P forward ACCEPT >> /etc/rc.firewall.local

chmod +x /etc/rc.firewall.local

/etc/rc.firewall.local

The more secure method would be to add custom firewall forward rules to each interface that will statically allow the routing between the two network cards for all traffic.

If you are doing NAT, no forward rules are created by default. So if you have more than one internal network interface, routing between the internal networks will not be allowed, by default. So you will have to manually create custom forward rules, or change the default forward policy, same as above.

Troubleshooting VPN client connections
Information on troubleshooting VPN client connections.

Answers in this category:
(Xref) I'm having problems accessing the remote LAN through a VPN client connection. What's wrong?
(Xref) When the client connects, Phase 1 completes, but Phase 2 is unsuccessful?

When I connect via HTTPS with MSIE, I get various I/O errors. What is the reason?
Applies to: NetMAX Products with SSL.
The SSL implementation in some MSIE versions has some subtle bugs related to the HTTP keep-alive facility and the SSL close notify alerts on socket connection close. Additionally, the interaction between SSL and HTTP/1.1 features is problematic with some MSIE versions.

As a workaround, you can add the following directive in the /var/conf/apache/httpd.conf file, which will force the admin web server not to use HTTP/1.1 or keep-alive connections, and not to send the SSL close notify messages, when talking to MSIE clients:

SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

This should all be on one line, and you may only need to comment out this line and add a couple of the parameters, as part of this line may already exist in your httpd.conf file. You should reboot your server for the changes to take effect.

WARNING: If you have made a typo when editing the config file, when you reboot, you may no longer be able to access the admin interface.

Additionally, in general, you should set your Internet Explorer to:

  1. Disable SSL version 3.
  2. Access the internet directly (not through a proxy server).
  3. Disable caching (retrieve document from remote site each time as opposed to once per session).
  4. Enable cookies.

Sources: ModSSL FAQ

How do I upgrade 3.x versions of discontinued products, to version 4.0x?
The following NetMAX products have been discontinued:
  • NetMAX Internet Server Suite
  • NetMAX File Server
  • NetMAX Firewall Suite
  • NetMAX Internet Server ProSuite
  • NetMAX Web Server
  • NetMAX Firewall


If you have any version 3.x of these products and want to upgrade to the latest version, it is possible. Since they are discontinued, you will need to purchase a full license and not an upgrade. However, it's still possible. Just follow these steps:
  1. Purchase the necessary license in the NetMAX store.
  2. For NetMAX Firewall and NetMAX Firewall Suite version 3.x, you will need to purchase NetMAX Firewall ProSuite version 4.0x.
  3. For NetMAX File Server, NetMAX Internet Server ProSuite, and NetMAX Web Server 3.x, you will need to purchase NetMAX Professional Suite version 4.0x.
  4. After you obtain the license number for the software you purchased, remove the current license number for your product. Do this in System -> License Management.
  5. Next, add the new license number you purchased in License Management.
  6. You should now be able to upgrade using the CD you purchased (or downloaded and burned). Simply follow the normal upgrade procedure in the manual from here on out.

Note that NetMAX versions older than 3.0 are not upgradable to 4.0x. You must do a complete reinstall and start from scratch if you have one of those versions, and would like our new product.
Newest FAQs
These are the Newest FAQ Answers.

Answers in this category:
(Answer) How do I create a NetMAX Installation CD from the netmax.iso?
(Answer) How do I enable telnet or rsh on my NetMAX machine?
(Answer) Are USB keyboards compatible with NetMAX?
(Answer) How do I set up a catch-all mail alias?
(Answer) I manually saved my configuration by backing up /var/conf. How do I properly restore it?
(Answer) How do I register and activate my NetMAX Software?
(Answer) I upgraded to NetMAX 4.04 and my SCSI RAID controller (or Wireless Card) stopped working. How can I fix this?
(Answer) I'm having problems viewing the NetMAX 4.0x interface with Internet Explorer®. How can I fix this?
(Answer) How do I implement Proxy ARP on my NetMAX machine?
(Answer) How do I change the IP address(es) on my NetMAX machine?
(Answer) What happens when I click "Send" in my mail client?

How do I create a NetMAX Installation CD from the netmax.iso?
Instructions for creating a NetMAX Installation CD.
  1. Purchase the downloadable version of the NetMAX product you would like.
  2. Download the file netmax.iso to your local hard drive. Simply click on the link to initiate this process.
  3. You will now need a CD burning program, a CD burner, and a blank CD to create the installation disk. There is a list of programs compatible with the .iso format at the bottom. Note that there may be programs not listed that will work.
  4. Install and run the CD burning program.
  5. Choose to create a CD from an image file. This procedure will vary from one program to the next, but all programs should accomplish the same task.
  6. After going through the procedure specific to your CD burning software, choose to burn the CD.
  7. When you are finished, label the disk NetMAX Installation CD.
  8. You may now boot your computer off the CD to initiate the installation process.
CD Burning Software that supports .iso files:
How do I enable telnet or rsh on my NetMAX machine?
Applies to: NetMAX 4.0x
Telnet as well as rsh have been disabled on NetMAX version 4.0x. We recommend that customers use ssh as a replacement. It's much more secure and nearly always a better alternative. We recommend PuTTY for use as a Windows client, as it's free and reliable.

However, if you wish to enable telnet or rsh and are aware of the ramifications, follow these steps:

  1. For telnet, edit the file: /etc/xinetd.d/telnet
  2. For rsh, edit the file: /etc/xinetd.d/rsh
  3. Change "disable = yes" to "disable = no"
  4. Restart xinetd. This is most easily done by going to Services->FTP, and without changing anything, choose Store, then choose Commit.

Note that this change may get overwritten during future NetMAX updates. In that case, you will need to repeat this process after the update.
Are USB keyboards compatible with NetMAX?
Applies to: NetMAX 4.0x
Generally, the answer to this is No. However, many computers will power the USB keyboard through the BIOS, allowing you to use the keyboard to install NetMAX. The keyboard will then fail to work when running NetMAX after the initial install. Since it is still possible to administer the NetMAX machine through the web interface and also to use ssh to get to the console, it should be possible to use a NetMAX machine in this way.

If you need to get in to the NetMAX machine directly, then make sure you have a PS/2 keyboard, and a computer that supports it.
(Answer) (Category) NetMAXFAQ : (Category) New / Updated / Top 10 FAQs : (Category) Newest FAQs :
How do I set up a catch-all mail alias?
Applies to: NetMAX 3.x - 4.0x

Explanation of a Catch-All Alias

A "catch-all" alias receives all mail for e-mail addresses that are not already defined as aliases. In other words, all mail for the domain goes to the catch-all alias, except mail for addresses that already have an alias defined.

For example, let's say you have this setup:
  • Users:
    • jeff
    • bill
    • fred
  • Aliases:
    • support (goes to jeff)
    • help (goes to bill and fred)

Now, if you were to create a "catch-all" alias, all messages would go to that alias except for mail to support and help.

Let's say you didn't want mail to jeff, bill, and fred to go to the catch-all alias either. Then you would set it up like this:
  • Users:
    • jeff
    • bill
    • fred
  • Aliases:
    • jeff (goes to jeff)
    • bill (goes to bill)
    • fred (goes to fred)
    • support (goes to jeff)
    • help (goes to bill and fred)

Now, when you create the catch-all, it will skip all those aliases, so it will only catch the mail destined for somebody besides them. Since all your users also have aliases defined for them, they will continue getting mail as normal.


How to Create a Catch-All Alias

To create a catch-all alias for a domain, go to Home|Services|Mail|Aliases|Create. Leave the Alias field blank and select the domain. Enter one or more addresses that will receive mail for the catch-all account. When you are done, hit Return. Now, do a Store and Commit, and the catch-all alias will begin working.


Caveats to setting up a Catch-All Alias

There are two problems with catch-all accounts. These are not due to NetMAX's implementation, but the nature of this type of account on a standard Linux system.

Since the account will be catching ALL mail that is directed to the domain, it will catch a great deal of mail that isn't useful. Most of this will be spam, which is being sent in increasing amounts every day. Many spammers don't verify accounts before sending mail to them. By accepting all mail to the domain, you will be getting a much larger amount of spam. This places a large burden on your computer, as it needs to process all that mail. It can also quickly fill up your storage space if you aren't proactive about getting rid of it. There is also the issue of taking the time to deal with all the extra mail.

The second possible problem with catch-all accounts was stated above, though not so explicitly: the catch-all will override all system accounts. The instructions above explain how to overcome this by creating an alias for each user. It's important to note this as a problem even though it has a workaround, because creating a catch-all account without knowing the implications can result in users no longer receiving their e-mail.
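
The precedence described in the explanation and in the second caveat above can be checked before a catch-all is committed. This is an added example, not NetMAX code: a simplified Python model of that precedence (explicit alias first, then catch-all, then local user) that lists the users a catch-all would silently override and builds the per-user aliases that prevent it. The catch-all address is a constructed placeholder.

```python
def resolve(local_part, users, aliases, catch_all):
    """Return the recipients for mail addressed to local_part at the domain."""
    if local_part in aliases:            # explicit aliases always win
        return sorted(aliases[local_part])
    if catch_all:                        # the catch-all takes everything else,
        return sorted(catch_all)         # including real users without an alias
    if local_part in users:
        return [local_part]
    return []                            # unknown recipient and no catch-all

def shadowed_users(users, aliases, catch_all):
    """Users whose mail would be diverted to the catch-all."""
    if not catch_all:
        return []
    return sorted(u for u in users if u not in aliases)

def add_self_aliases(users, aliases):
    """Return a copy of aliases with a 'user goes to user' entry for each user."""
    fixed = {name: list(targets) for name, targets in aliases.items()}
    for user in users:
        fixed.setdefault(user, [user])
    return fixed

# The setup from the FAQ text; the catch-all target is constructed.
USERS = ["jeff", "bill", "fred"]
ALIASES = {"support": ["jeff"], "help": ["bill", "fred"]}
CATCH_ALL = ["catchall@example.com"]

if __name__ == "__main__":
    print("diverted without per-user aliases:",
          shadowed_users(USERS, ALIASES, CATCH_ALL))
    fixed = add_self_aliases(USERS, ALIASES)
    print("diverted after adding them:",
          shadowed_users(USERS, fixed, CATCH_ALL))
    print("mail for sales goes to:", resolve("sales", USERS, fixed, CATCH_ALL))
```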
(Answer) (Category) NetMAXFAQ : (Category) New / Updated / Top 10 FAQs : (Category) Newest FAQs :
I manually saved my configuration by backing up /var/conf. How do I properly restore it?
Applies to: NetMAX version 4.0x
If you backed up your /var/conf data, and need to restore it, there is a special procedure to ensure that your configuration is restored properly. Follow these steps to get your configuration back:
  1. Move all files in the /var/conf directory to a temporary backup directory.
  2. Restore /var/conf from your backup into the now empty /var/conf directory. The method of restoring will vary depending on whether you backed up to tape or to a floppy.
  3. Make sure you are logged in as root at the command line.
  4. Type:
    find /var/conf/sdb -type f -exec touch {} \;
  5. Next, type:
    parse pmake commit

(Answer) (Category) NetMAXFAQ : (Category) New / Updated / Top 10 FAQs : (Category) Newest FAQs :
How do I register and activate my NetMAX Software?
Applies to: NetMAX version 4.0x and Add-ons
When you first install NetMAX, you will be asked for a license number. This license number will have been provided to you via e-mail or on a colored sheet of paper.

After installing, you will then need to register your product. Registering is required for activating your product. If the product is not activated in 90 days, you will no longer be able to administer your NetMAX through the interface.

Please follow these steps for registering and activating your product:
  1. Navigate to: https://www.netmax.com/order/support/support.cgi
  2. Click on the link to create a new user if you have never done so before.
  3. Fill out the form with your information and your product's information.
  4. The license number will be that which you received when you purchased your product.
  5. The activation key can be found in the NetMAX interface. Log in to the Interface, and navigate to Home|System|License Management. The eight character activation key will be located at the bottom of the "Currently Installed License Numbers" frame.
  6. Keep this screen in NetMAX open for the final step of the activation process.
  7. Double check your e-mail address to ensure that it is entered correctly, and click the register button.
  8. The registration activation code will then be sent to the e-mail address you specified.
  9. On the License Management screen of the NetMAX Interface, click the pencil in front of the product you are activating.
  10. Enter the Registration Activation Code from your e-mail into the blank spot in the table.
  11. If you have multiple products, log in to the support database with your new account. Use the "Create Product" button to repeat this process for all your products.
  12. When all products have been registered and have their registration activation codes entered, click on the Approve button in the NetMAX Interface.
  13. Click on the Commit All button, and wait for the status bars to finish. When this process is complete, your NetMAX will be ready to go.

(Answer) (Category) NetMAXFAQ : (Category) New / Updated / Top 10 FAQs : (Category) Newest FAQs :
I upgraded to NetMAX 4.04 and my SCSI RAID controller (or Wireless Card) stopped working. How can I fix this?
There is a bug in NetMAX 4.04 where certain SCSI controllers will not work. If you encounter this bug, there is an easy fix for it. You need to remove the Devs.first file. Follow these steps:

  1. Log in to the NetMAX Interface as the administrative user.
  2. In the Files Manager, navigate to the /usr/netmax/etc/rc.d directory. Click on root to begin navigating there.
  3. Remove the Devs.first file by placing a check in the box, clicking on Actions, and choosing to "Delete" the file.

Please note: It has been shown that this bug can also affect Wireless Network card functionality. If your wlanX device gets changed to "Unknown Ethernet" in the interface, then follow the above steps to fix this problem.
(Answer) (Category) NetMAXFAQ : (Category) New / Updated / Top 10 FAQs : (Category) Newest FAQs :
I'm having problems viewing the NetMAX 4.0x interface with Internet Explorer®. How can I fix this?
Applies to:  NetMAX version 4.0x
There are a variety of problems that can come up when using certain versions of Internet Explorer to view the NetMAX interface. The most common problems are frequent security warnings, and a doubling or nesting of the web page. These problems are due to a problem with Microsoft's implementation of SSL 3.0. If you are experiencing these problems, or other problems that seem related to your web browser, follow these instructions.

The first thing we recommend is using an alternate browser. We have had great success with both Mozilla and Netscape. We actually list these two browsers as a system requirement because of this.

If you are determined to use Internet Explorer, then turn off SSL 3.0. This is done by unchecking Tools -> Internet Options -> Advanced -> Use SSL 3.0.

Note that turning off SSL 3.0 in Internet Explorer may clear up most of these problems, but you may still experience problems with it. We have found that the best performance (quickest page loading times and fewest errors) is obtained with Mozilla.
(Answer) (Category) NetMAXFAQ : (Category) New / Updated / Top 10 FAQs : (Category) Newest FAQs :
How do I implement Proxy ARP on my NetMAX machine?
Applies to: NetMAX 4.0x
One of our more frequent questions in the NetMAX Support Department is how to implement Proxy ARP for Bridging network interfaces. If you have more than 1 static IP address in the same subnet, and want to use a NetMAX machine to route the addresses to other machines on your network, Proxy ARP is the way to go. The NetMAX configuration steps are below. However, please note that your ISP will need to know the IP address of your NetMAX machine and that it will be routing the rest of your IP addresses. They can then set up the routing tables on their routers, allowing you to configure your NetMAX for bridging.

  1. First make sure your NetMAX is properly configured to be on the internet. Test this by pinging some web sites with the NetMAX.
  2. Under Network->Machines, add a machine for the computer that you will be routing traffic to. Specify the IP address that you want to assign it, and make sure to fill in the MAC address (or Hardware Address). This final step is the most important, as Proxy ARP will rely on this when routing traffic.
  3. Next, go to Network->Machine Groups, add a new group to use for Proxy ARP. Add the machine that you created in step 2 to this group.
  4. Navigate to Network->Routing->Bridge. This is where you will turn on bridging via Proxy ARP.
  5. For Proxy on Ethernet, choose your external network interface. This interface will be the one configured with an IP address and connected to your internet provider.
  6. The Physical Ethernet for Machines will be the network interface connected to your internal switch. All machines you are proxy arping for should also be connected to this switch.
  7. Choose the Machine Group you created during step 3 next. Add this entry, Store, and Commit the changes.
  8. Create firewall rules to allow the forwarding of traffic between the external interface and your proxy arped machine group. You will need forwarding rules on both the external interface as well as the interface the other machines are physically connected to.
  9. On machines you are Proxy Arping for, set their IP addresses to be what you specified for them when creating the Machine entry in the NetMAX interface.
  10. Set the default router for the machines being proxy arped to be the IP address of the external interface of the NetMAX machine. You should now be ready for testing.

(Answer) (Category) NetMAXFAQ : (Category) New / Updated / Top 10 FAQs : (Category) Newest FAQs :
How do I change the IP address(es) on my NetMAX machine?
Applies to: NetMAX 4.0x and later
If you are changing one IP address to another in the same subnet, simply go to Network->Interfaces->Edit Interface, manually change the address, and do a Commit.

If you are changing multiple IP addresses on an interface, or changing to an IP on a different subnet, you will need to follow these steps. Due to many input validity checks (for safety), it's not possible to just change the address outright.

  1. Go to Network->Interfaces->Edit Interface
  2. Change the netmask to 128.0.0.0 and click Store
  3. Click the Edit button to return to the Edit Interface screen
  4. Add the new IP addresses to the list of IPs and click Store
  5. Go to Network->Routing
  6. Change the IP address of your default router to its new value and click Store
  7. If your DNS servers are also changing, then navigate to Network->DNS
  8. Change the DNS IP addresses to their new values and click Store
  9. Go to Network->Domains
  10. Change the IP ranges on your domains to the new IP range and click Store
  11. Go to Network->Naming
  12. Change the IP addresses associated with your hostnames to their new IP addresses and click Store
  13. Go back to Network->Interfaces->Edit Interface
  14. Remove your old IP addresses
  15. Change your netmask back to its correct value
  16. Store and Commit the changes
  17. Physically plug your NetMAX into the new device (cable modem, router, etc...) if necessary
  18. After waiting an appropriate amount of time (a few minutes), log into the NetMAX interface and test that everything is working properly
  19. If you are still having problems, give us a call and we'd be happy to help out.

(Answer) (Category) NetMAXFAQ : (Category) New / Updated / Top 10 FAQs : (Category) Newest FAQs :
What happens when I click "Send" in my mail client?
Have you ever wondered what happens when you finish an email message and click "Send?"
This article is a brief and general discussion of the subject "Where does the mail go?"

Basically, it works in much the same way as real-world mail:
  1. The local SMTP server receives outbound messages.
  2. The destination address is analyzed.
  3. The SMTP server checks for the DNS mail exchanger (MX) record of the domain in the destination address. This points to the SMTP server that handles inbound messages for the destination email address.
  4. The message is sent to the destination SMTP server.
  5. If there is a problem, either the SMTP server will hold on to the message and try to retransmit later, or it will bounce and a bounce notification will be sent to the originator of the message.
  6. If there are no problems, the SMTP server will usually pass the message off to a special program called the "delivery agent."
  7. The delivery agent's ultimate goal is to get the message into the mailbox of the recipient. Sometimes, however, the delivery agent will perform other steps like content-filtering or auto-responding, which may involve passing the message to other programs before final delivery.
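
Steps 2 through 5 above, as an added example that is not part of the original FAQ: a Python model of how a sending server picks a mail exchanger and decides between delivery, holding for retry, and bouncing, using the standard SMTP reply classes (2xx success, 4xx transient, 5xx permanent). The MX table, host names and reply codes are constructed so it runs offline.

```python
def route(recipient, mx_table, attempt):
    """Return (outcome, detail); outcome is 'delivered', 'queued' or 'bounced'."""
    # Step 2: analyze the destination address.
    local, at, domain = recipient.rpartition("@")
    if not (local and at and domain):
        return ("bounced", "malformed address")
    # Step 3: MX records as (preference, host); lowest preference is tried first.
    exchangers = sorted(mx_table.get(domain.lower(), []))
    if not exchangers:
        # Simplification: real MTAs fall back to the domain's address record.
        return ("bounced", "no MX record for " + domain)
    # Steps 4 and 5: try each exchanger in turn.
    for _preference, host in exchangers:
        code = attempt(host, recipient)          # SMTP reply code, None if unreachable
        if code is not None and 200 <= code < 300:
            return ("delivered", host)
        if code is not None and 500 <= code < 600:
            return ("bounced", f"{host} replied {code}")
        # 4xx reply or no connection: transient, so try the next exchanger
    return ("queued", "all exchangers deferred")

# Constructed data: MX records per domain and the reply each host would give.
MX_TABLE = {
    "example.com": [(20, "mx2.example.com"), (10, "mx1.example.com")],
    "example.net": [(10, "mail.example.net")],
    "example.org": [(10, "mx.example.org")],
}
REPLIES = {
    "mx1.example.com": None,      # primary is unreachable
    "mx2.example.com": 250,       # backup accepts the message
    "mail.example.net": 550,      # mailbox unavailable: permanent failure
    "mx.example.org": 451,        # local error: transient failure
}

def attempt(host, recipient):
    """Stand-in for a real SMTP session; looks up the constructed reply."""
    return REPLIES.get(host)

if __name__ == "__main__":
    for rcpt in ("alice@example.com", "bob@example.net", "carol@example.org"):
        print(rcpt, "->", route(rcpt, MX_TABLE, attempt))
```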

This document is: http://www.netmax.org/cgi-bin/fom.cgi?file=415
This is a Faq-O-Matic 2.721.
This FAQ administered by ...Cybernet Systems Corp.