Apple IP User Manual
K
Apple IP G ate way Ad ministrator’s Guide
K Apple Computer, Inc.
This manual and the software described in it are
copyrighted, with all rights reserved. Under the copyright
laws, this manual or the software may not be copied, in
whole or part, without written consent of Apple, except in
the normal use of the software or to make a backup copy of
the software. The same proprietary and copyright notices
must be affixed to any permitted copies as were affixed to
the original. This exception does not allow copies to be
made for others, whether or not sold, but all of the material
purchased (with all backup copies) may be sold, given, or
loaned to another person. Under the law, copying includes
translating into another language or format.
You may use the software on any computer owned by
you, but extra copies cannot be made for this purpose.
The Apple logo is a registered trademark of Apple
Computer, Inc. Use of the “keyboard” Apple logo
(Option-Shift-K) for commercial purposes without the
prior written consent of Apple may constitute trademark
infringement and unfair competition in violation of
federal and state laws.
Every effort has been made to ensure that the information
in this manual is accurate. Apple is not responsible for
printing or clerical errors.
©Apple Computer, Inc., 1994
1 Infinite Loop
Cupertino, CA 95014-6299
(408) 996-1010
Apple, the Apple logo, AppleTalk, EtherTalk, LocalTalk,
LaserWriter, Macintosh, Macintosh Centris, Macintosh
Quadra, MacTCP, and TokenTalk are registered
trademarks of Apple Computer, Inc.
AppleSearch, Balloon Help, Finder, and MacSNMP are
trademarks of Apple Computer, Inc.
Adobe, Adobe Illustrator, and PostScript are trademarks
of Adobe Systems Incorporated, which may be registered
in certain jurisdictions.
Electrocomp 2000 is a trademark of Image Graphics Inc.
Helvetica, Linotronic, and Times are registered
trademarks of Linotype Company.
Microsoft and MS-DOS are registered trademarks of
Microsoft Corporation.
NuBus is a trademark of Texas Instruments.
QuarkXPress is a registered trademark of Quark, Inc.
UNIX is a registered trademark of UNIX System
Laboratories, Inc., a wholly owned subsidiary of Novell Inc.
Simultaneously published in the United States and
Canada.
Mention of third-party products is for informational
purposes only and constitutes neither an endorsement nor
a recommendation. Apple assumes no responsibility with
regard to the performance of these products.
Con t ents
Preface: About This Guide / v
1About the Apple IP Gateway / 1
About IP networks / 2
How the gateway works / 3
How the gateway can be used / 5
Using the gateway as a stand-alone product / 5
Using the gateway with the Apple Internet Router /5
The Apple IP Gateway and the Apple Internet Router AppleTalk/IP Wide
Area Extension / 7
Using the gateway with an Apple Remote Access server / 9
The Apple IP Gateway and the AppleSearch WAIS Gateway / 11
Network management / 11
Hardware and software requirements / 12
2Installation and Setup/13
International users / 14
Installing networking software using Easy Install / 14
Installing networking software using the Customize option / 16
Installing the gateway software / 19
Using Easy Install / 19
Using Custom Install / 22
Designating software locations / 26
Designating a location for the Gateway Manager / 26
Designating a System Folder for the gateway software / 28
Setting up the gateway / 29
Configuring MacTCP / 29
Configuring the gateway / 33
Getting users ready / 36
Hardware and software requirements / 37
MacTCP configuration requirements / 37
Configuring MacTCP for automatic addressing / 38
Configuring MacTCP for manual addressing / 42
3Operating and Monitoring the Apple IP Gateway / 47
Starting and stopping the gateway / 48
Monitoring the gateway / 49
Viewing gateway statistics / 49
Using MacSNMP / 50
Establishing gateway security / 51
Setting a password / 51
Changing or removing a password / 52
Limiting network access / 53
Changing network access restrictions / 55
Preventing unauthorized access by IP computers / 57
4Troubleshooting / 59
Appendix The Apple IP Gateway MIB / 63
iv Contents
Diagnosing and solving problems / 60
Solutions to common problems / 61
Index / 75
Preface Ab o ut This Guide
The Apple IP Gateway is software that allows communication between an
AppleTalk network or internet and an Internet Protocol (IP) network or
internet. This guide explains how to install, configure, and operate the Apple
IP Gateway, both on its own and in conjunction with the Apple Internet Router
or with an Apple Remote Access Personal or MultiPort Server. The guide also
tells you how to prepare users to access the gateway, details several methods
for making the gateway more secure, and provides solutions to problems that
may come up.
What this guide contains
The chapters of this guide provide the following information:
m Chapter 1, “About the Apple IP Gateway,” gives a basic introduction to how
the gateway works and how it can be used.
m Chapter 2, “Installation and Setup,” covers software installation and
configuration information for both MacTCP and the gateway itself. In
addition, the chapter includes a section that covers the various options you
have in preparing users to access the gateway.
m Chapter 3, “Operating and Monitoring the Apple IP Gateway,” provides
detailed information for operating the gateway and establishing gateway
security. The chapter also covers viewing gateway statistics and monitoring
the gateway with SNMP.
m Chapter 4, “Troubleshooting,” offers solutions to problems that may come up.
m The Appendix, “The Apple IP Gateway MIB,” lists the variables that can be
monitored with SNMP.
On-screen help
The Apple IP Gateway includes Balloon Help, featuring balloons that provide
descriptions of items on the Macintosh screen. To access Balloon Help, choose
Show Balloons from the Help (?) menu. When you point to items on the
screen, balloons appear explaining each item. To turn off Balloon Help, choose
Hide Balloons from the Help menu.
What you need to know
This guide assumes that you are familiar with basic Macintosh operations. If
you need more information, refer to the documentation that came with your
computer. In addition, the Apple IP Gateway works in coordination with
MacTCP, and, optionally, with the Apple Internet Router and the Apple
Remote Access Personal or MultiPort Servers. Although much of the
information that you’ll need is repeated here, you’ll find it helpful to have a
thorough understanding of these products. To get that understanding, refer to
the documentation supplied with each application program. Finally, a
Macintosh SNMP agent is installed with the Apple IP software; to utilize this
agent, you will need to install MacSNMP software, which is supplied with
either the AppleTalk Administration for Macintosh or the TCP/IP
Administration for Macintosh products. The MacSNMP Administrator’s
Guide, included with both Administration products, provides a basic
introduction to network management with SNMP as well as detailed
instructions for configuring the agent software.
vi Preface
For more information
The Apple IP Gateway provides access to services on IP networks, including
the Internet. An introduction to Internet services is beyond the scope of this
guide. There are, however, numerous books available if you want to learn
more. Any of the following would provide a good introduction. There are
literally hundreds of others, with more coming out each week.
Falk, Bennet, The Internet Roadmap, Sybex, San Francisco, 1994. A general
introduction to Internet basics, covering how to use USENET, how to send Email, how to access the World-Wide Web, and how to master the most
common Internet tools, such as FTP and Gopher.
Gaffin, Adam, Big Dummy’s Guide to the Internet, MIT Press, Cambridge,
1994. A printed version of a widely used online guide.
Kehoe, Brendan P., Zen and the Art of the Internet, Prentice-Hall, Englewood
Cliffs, New Jersey, 1993. Subtitled “A Beginner’s Guide,” this is a short
treatment of Internet services and how to access them.
Krol, Ed, The Whole Internet User’s Guide and Catalog, O’Reilly and
Associates, Sebastapol, California, 1992. An all-in-one introduction, covering
history and technical basics, plus detailed coverage of services available.
Lambert, Steve and Howe, Walt, Internet Basics, Random House, New York,
1993. A general introduction to history, use, and available services.
LaQuey, Tracey and Ryer, Jeanne C., The Internet Companion, Addison-
Wesley, Reading, Massachusetts, 1993. A short and nontechnical introduction
featuring a foreword by Vice-President Al Gore.
Preface vii
1 About the Apple IP Gateway
The Apple IP Gateway provides Macintosh computers on an AppleTalk
network access to services on an Internet Protocol (IP) network—even if the
computers themselves are on an AppleTalk system that does not directly
support IP. Thus the gateway is particularly useful for Macintosh computers
connected by LocalTalk cabling or through Apple Remote Access.
The Apple IP Gateway can be installed on a wide range of Macintosh
computers. It can be used on its own or in conjunction with an Apple Remote
Access MultiPort or Personal Server or with the Apple Internet Router. This
chapter gives an overview of how the gateway works and explains the various
options for its use.
About IP networks
The Internet Protocol (IP) and its companion, the Transmission Control
Protocol (TCP), were first developed as part of a United States defense
research effort some twenty years ago. Since then, TCP/IP has become the
international standard for heterogeneous networking, in which many different
computer types can interoperate and share information and services.
TCP/IP can be used for local area networking, in which, for example, clients
access data from a UNIX
composed of hundreds of local networks linked by a wide variety of
communications methods. The best known of these giants is the Internet, which
is often regarded as the prototype of the Information Superhighway. Like
TCP/IP itself, the Internet began as a U.S. defense project. It has since grown
into an international web linking universities, research centers, corporations,
and, increasingly , private citizens, who are gaining access by the thousands
every month. Note that this Internet is always spelled with a capital I. A
lowercase internet can be any interconnected set of networks, whether based on
TCP/IP, AppleTalk, or some other protocol. The Apple IP Gateway provides
access to any TCP/IP network or internet, including the Internet itself.
®
host. It can also be used for giant internetworks,
2 Chapter 1 / About the Apple IP Gateway
How the gateway w o rks
On both AppleTalk and IP networks, data is broken down into packets for
transmission. The two network types use different sets of rules—protocols—
for packet construction and for addressing packets to their correct destinations.
Data can’t ordinarily cross from one network type to the other. The Apple IP
Gateway solves this problem. Installed on a Macintosh computer that is
connected to both an IP network and an AppleTalk network, the Apple IP
Gateway makes addressing transparent on both sides, so communications can
pass freely.
IMPORTANT
Client computers may be networked by LocalTalk, Ethernet, or other AppleTalkcompatible cabling types. Both the client computers and the gateway computer
must have MacTCP software installed. This allo ws them to “talk” IP, e ven
though they are using AppleTalk as the underlying network protocol.
Users who want to access an IP service construct their requests in the
appropriate IP format. The packets have all the information necessary for
transport and reassembly on the IP side. Speaking metaphorically, the packets
are enclosed in IP “envelopes.” To get this message to the gateway, the IP
packets are encapsulated in Datagram Delivery Protocol (DDP) packets; DDP
is the AppleTalk standard for data transport. The IP envelope, in other words,
is put inside a DDP envelope for shipment to the gateway. On arrival, the
gateway strips off the DDP envelope and sends the IP packet on its way.
When the IP host sends back a reply, the process is reversed. The gateway
encapsulates the IP data in a DDP envelope and transmits it to the client
over AppleTalk.
Figure 1 shows how the gateway makes it possible to move data from an
AppleTalk network to an IP network.
The gateway computer must be connected to IP by Ethernet cabling.
How the gateway works 3
Client Macintosh
running MacTCP
AppleTalk network
1. Client sends IP packets enclosed in
Datagram Delivery Protocol “envelope.”
2. Gateway strips off
DDP envelope.
Macintosh running
the Apple IP Gateway
and MacTCP
Ethernet cable
IP network
Figure 1 How the Apple IP Gateway works
3. IP packets continue on
to the IP network.
Local IP host
IP router
IP internet
4 Chapter 1 / About the Apple IP Gateway
How the gateway can be used
Depending on the type of AppleTalk network you are working with and the
needs of your network users, you can run the gateway as a stand-alone
product, or you can use the software in conjunction with either the Apple
Internet Router or an Apple Remote Access Personal or MultiPort Server.
Using these options is covered in detail in Chapter 3, “Operating and
Monitoring the Apple IP Gateway.” The descriptions that follow give you an
idea of overall functionality.
Using th e gat e way as a stand-alone product
When the Apple IP Gateway is installed on a Macintosh computer that is
properly connected to both an IP and an AppleTalk network, any Macintosh
computer on the AppleTalk network can access the IP internet through the
gateway. All that is necessary is that the client computer have both MacTCP
and any appropriate IP software installed.
Using t he g a t e way wit h the Apple Internet Router
If the gateway is installed on a Macintosh computer that is also running the
Apple Internet Router software, the gateway’s power is greatly expanded. Now
any Macintosh computer on any AppleTalk network that is part of the router’s
internet can use the Apple IP Gateway to access the IP network. Figure 2
shows how the router works with the gateway.
How the gateway can be used 5
Any Macintosh that
is part of the router’s
internet can access
the IP network.
Local IP host
IP internet
IP router
Ethernet cable
Macintosh running
Apple Internet Router
and Apple IP Gateway
Figure 2 Combining an Apple Internet Router with the Apple IP Gateway lets
you offer gateway services to all Macintosh computers served by the router.
The Apple Internet Router and the Apple IP Gateway software can run on the
same computer, although they do not have to. Putting the two programs on the
same computer is usually the convenient and cost-effective choice. One
machine provides both services; the software is physically located where the
cabling comes together; and there is only one place for something to go
wrong, so errors are easier to find and correct.
6 Chapter 1 / About the Apple IP Gateway
The Apple IP Gateway and the Apple Internet Router
AppleTalk/IP Wide Area Extension
Although it is easy to confuse the Apple IP Gateway and Apple Internet
Router AppleTalk/IP Wide Area Extension, the two software programs
actually provide two completely different services.
The Apple IP Gateway allows Macintosh computers on an AppleTalk network
to communicate with computers of many different types on an IP network. The
AppleTalk/IP Wide Area Extension allows Macintosh computers on an
AppleTalk network to communicate with other Macintosh computers on
another AppleTalk network located, figuratively speaking, on the other side of
an IP internet.
The extension is based on a software file called IPTunnel, so named because it
builds a tunnel between the two AppleTalk networks through the IP internet.
Because IP internets span the globe, the AppleTalk/IP Wide Area Extension
provides a fast, powerful, and cost-effective way for widely separated localarea AppleTalk networks to link up. The extension does not, however, provide
access to IP services. That is the job of the Apple IP Gateway. The two
programs can run on a single computer, offering users the full potential of
both. Figure 3 shows their capabilities in graphic form.
How the gateway can be used 7
Macintosh running
AppleTalk/ IP Extension
Macintosh running
AppleTalk/IP Extension
and Apple IP Gateway
IP internet
IP router
Figure 3 The Apple IP Gateway provides communication with IP computers; the Apple Internet
Router AppleTalk/IP Wide Area Extension creates a tunnel through the IP internet, through
which Macintosh computers can communicate.
8 Chapter 1 / About the Apple IP Gateway
Using the gateway with an Apple Remote Access server
Apple Remote Access software creates a remote extension of an AppleTalk
network, with packets transmitted over telephone lines rather than over
dedicated cables. Users who dial into an AppleTalk network through an Apple
Remote Access Personal or MultiPort Server can access all network services
as though they were locally connected. If the Apple Remote Access server
computer has access to the Apple IP Gateway, server users can also access IP
services, again as though they were locally connected.
Note: Remote users must be authorized to use the gateway by the Apple
Remote Access server administrator. See your Apple Remote Access
documentation for details on controlling network access.
Adding the remote-access option greatly extends the reach of the gate way, but
setup and operation are essentially the same as for the stand-alone en vironment.
Note that, as with the Apple Internet Router, it is often simplest and most costeffective to install both software programs on a single computer, but this is not
strictly necessary if it is more conv enient for you to use two machines.
Figure 4 shows how Apple Remote Access clients use the gateway to access IP
services.
How the gateway can be used 9
IP internet
Local IP host
IP router
Ethernet cable
Macintosh with Apple IP Gateway
running MacTCP and ARA
Remote Macintosh
running ARA and MacTCP
Figure 4 Apple Remote Access (ARA) client access to IP services
10 Chapter 1 / About the Apple IP Gateway
The Apple IP Gateway and the AppleSearch WAIS Gateway
AppleSearch 1.5 includes a WAIS Gateway that allows AppleSearch clients to
search WAIS (wide area information server) computers on the Internet. Like
the Apple IP Gateway, the WAIS Gateway requires a Macintosh with both
AppleTalk and IP connections. The two gateways can run on the same
machine, thus giving users the benefits of both approaches. However the
benefits are different and should not be confused. The Apple IP Gateway is a
general-purpose IP access tool that does not require the AppleSearch software.
The WAIS Gateway is a specialized access tool that does.
Network management
The Apple IP Gateway is supplied with an SNMP IP Gateway Agent and
related SNMP software that allow a set of variables (called a Management
Information Base, or MIB) to be viewed. These variables are listed in the
Appendix, “The Apple IP Gateway MIB.”
SNMP stands for Simple Network Management Protocol, and it is the standard
mechanism for managing nodes, such as routers, hubs, and host computers, on
a TCP/IP network. An SNMP agent may be thought of as a reporting device
that supplies information about a particular MIB.
You can view the Apple IP Gateway MIB locally by installing either the
MacSNMP Client or the MacSNMP Administration software. These programs
are provided with the AppleTalk Administration for Macintosh and the TCP/IP
Administration for Macintosh products.
If you want to view the MIB remotely, you’ll need a network-management
console. Such consoles are available from a number of vendors.
Exploring these network-management options is beyond the scope of this
book. The MacSNMP Administrator’s Guide, supplied with the MacSNMP
software, provides information on using MacSNMP itself and also points you
in the right direction if you wish to implement full network management. See
your Apple-authorized reseller for more information.
How the gateway can be used 11
Hardware and software requirements
The Apple IP Gateway may be installed on any Macintosh II or later
Macintosh computer that is equipped with
m Ethernet on the IP side
If the gateway computer does not support NuBus™, it must have built-in
Ethernet, a processor-direct slot (PDS) card, or a SCSI adapter. See the
documentation supplied with the card or adapter for full information on
installation, setup, and operation.
m any AppleTalk link, such as LocalTalk, EtherTalk, or Apple Remote Access,
on the AppleTalk side
See the documentation supplied with the cabling or with the Remote Access
software for full information on installation, setup, and operation.
m at least 4 megabytes of random-access memory (RAM)
m System 7.1 or later
MacTCP version 2.0.4, AppleTalk version 58.1.3, the MacSNMP agents, and
other required networking software are all installed with the gateway. This
software is discussed in “Installing the Gateway Software” in Chapter 2.
If the gateway computer is also supporting either the Apple Internet Router or
an Apple Remote Access server, it must meet all hardware and software
requirements for those products. You may need to increase RAM to provide
adequate memory to run all services simultaneously. See the Apple Internet
Router Administrator’s Guide, the Apple Remote Access MultiPort Server
Administrator’s Guide, or the Apple Remote Access Personal Server User’s
Guide for full information.
12 Chapter 1 / About the Apple IP Gateway
2 Installation and Setup
This chapter covers all available options for installation of the Apple IP
Gateway and describes the procedures for each. Proper setup varies according
to network administrator preference and the kind of access you want to offer
network users. Setup procedures require coordination between the Apple IP
Gateway software itself and the MacTCP software on the gateway computer.
This chapter shows you how to make them work together to achieve the
desired result. Finally, the chapter tells you how to get users ready to access
the gateway.
International u sers
If you are installing the Apple IP Gateway on a non–United States Macintosh
computer, you should run the Network Software Installer (NSI) before
proceeding with the rest of the installation process. The NSI installs the latest
international versions of all networking software. The Network Software
Installer disk is supplied in your Apple IP Gateway package.
Before running the NSI, you should make a backup copy of its disk. Put the
original aside for safekeeping, and use the backup for installation.
Installing n etworking software using Easy Install
To run the NSI using Easy Install:
1 Insert the backup copy of the
floppy disk drive and double-click the disk icon to open it.
The Installer icon is in the window that appears.
2 Double-click the Installer icon to open the Installer program.
An informational dialog box appears:
Network Software Installer
disk into your computer’s
14 Chapter 2 / Installation and Setup
3 Click OK.
The Easy Install dialog box appears:
4 If necessary, click Switch Disk until the name of the disk you want to install on appears.
The Easy Install process is preset to install all the networking software
contained on the Network Software Installer disk onto your current startup
disk. By switching disks, you can install the networking software on any hard
disk that has a System Folder.
IMPORTANT
You must install the networking software on the same disk as the
Apple IP Gateway.
5 Click Install to place the networking software on your hard disk.
If other programs are currently running on your computer, the following dialog
box appears:
International users 15
Clicking Continue automatically quits all open programs and begins the
installation. Clicking Cancel quits the Installer and leaves your hard disk
unchanged.
The Installer begins the installation process, with on-screen messages
reporting its progress. You can cancel the installation at any time, leaving the
hard disk unchanged.
6 When you see a message reporting that installation was successful, click Restart.
After you restart your computer, you can proceed to the section “Installing the
Gateway Software,” later in this chapter.
Installing n etworking software u sing th e Customize option
The Customize option lets you pick and choose from the networking software
contained on the NSI disk. It is particularly useful if disk space is at a premium
and if you know there are software files you w on’t need.
To use the Customize option:
1 Follow steps 1 through 3 in the preceding section, “Installing Networking Software Using
Easy Install.”
The Easy Install dialog box appears.
16 Chapter 2 / Installation and Setup
2 Click Customize.
The Customize dialog box appears:
3 If necessary, click Switch Disk until the name of the disk you want to install on appears.
The Customize option is preset to install the designated networking software
onto your current startup disk. By switching disks, you can install the
networking software on any hard disk that has a System Folder.
IMPORTANT
You must install the networking software on the same disk as the
Apple IP Gateway.
4 Select the software you want to install.
Select an item by clicking its name; select multiple items by Shift-clicking.
n You must select AppleTalk for System 7.
n You don’t need AppleTalk for System 6.
You may or may not need the rest of the networking software. To be sure, it
may be necessary to review your system or to ask for help from your
network administrator.
International users 17
5 Click Install to place the networking software on your hard disk.
If other programs are currently running on your computer, the following dialog
box appears:
Clicking Continue automatically quits all open programs and begins the
installation. Clicking Cancel quits the Installer and leaves your hard disk
unchanged.
The Installer begins the installation process, with on-screen messages
reporting its progress. You can cancel the installation at any time, leaving the
hard disk unchanged.
6 When you see a message reporting that installation was successful, click Restart.
After you restart your computer, you can proceed to the next section,
“Installing the Gateway Software.”
18 Chapter 2 / Installation and Setup
Installin g t he ga teway software
Before installing your gateway software, you should make a backup copy of
the installation disks, the Apple IP Gateway Installer 1 and Apple IP Gateway
Installer 2, which you will find in the Apple IP Gateway package. Put the
originals aside for safekeeping, and use the backups for installation.
This section describes the Easy Install procedure that Apple recommends as
well as the Custom Install procedure that you may want to use instead. The
section also shows you how to specify locations for software installation if you
don’t want to use the default locations for which the Installer is set.
Using Easy Install
Easy Install places all the software Apple recommends in the appropriate
locations on your startup disk. This includes
m the Gateway Manager
m the MacTCP control panel
m all necessary system extensions
m SNMP network-management software
m AppleTalk version 58.1.3 (for United States users)
Note: International users can use Easy Install. All software installed with the
Network Software Installer will be retained.
To install this software:
1 Insert the backup copy of the
floppy disk drive and double-click the Apple IP Gateway icon to open it.
The Installer icon is in the window that appears.
Apple IP Gateway Installer 1
disk into your computer’s
Installing the gateway software 19
Loading...