InJoy Firewall for OS/2(R) Warp and eComstation(tm)
InJoy Firewall for OS/2(R) Warp and eComstation(tm)
Platform specific configuration and installation README.
=================================================================
C O N T E N T S
=================================================================
1.0 Prerequisites
2.0 Installation issues
3.0 System Implications
4.0 Manual Installation
5.0 Manual Deinstallation
=================================================================
1. P R E R E Q U I S I T E S
=================================================================
You are about to install a product that adds a new device driver
(FXWRAP.SYS) to your OS/2 system. The device driver layers with
existing device drivers shipped with your LAN adapter(s) and
incompatibility or bugs in these drivers CAN potentially cause hazard
to your OS/2 system.
If you are NOT experienced in the following areas:
* TCP/IP networking and routing
* OS/2 recovery options (i.e. the Maintenance Desktop)
THEN please backup critical data before installing this software
and/or consult a local expert or seek help on the Internet. F/X
Communications will in no way be held responsible for malfunctions
or data loss inflicted by our software.
1.1 Supported Software
----------------------
InJoy will run on any of the below OS/2 platforms:
* IBM OS/2 Warp(R) 3.x
* IBM OS/2 Warp(R) 3.x Server
* IBM OS/2 Warp(R) 4.x
* IBM OS/2 Warp(R) 4.x Server for e-Business
* eComstation(tm)
InJoy will generally work with any IBM TCP/IP stack. The following
TCP/IP stacks have been tested by F/X:
* TCP/IP 4.0e
* TCP/IP 4.0y
* TCP/IP 4.1
* TCP/IP 4.3x
For PPP protocol variants, such as PPTP, PPPoE, apply IBM TCP/IP 4.3
fixes from:
ftp://ps.software.ibm.com/ps/products/tcpip/fixes/v4.3os2/ic27649/
1.2 Supported Hardware
----------------------
The InJoy Firewall has been tested with a multitude of Network
Adapters on OS/2. Below a small list of (some of) the tested
adapters:
* 3Com Fast EtherLink/EtherLink XL Family OS/2 (3C900)
* 3Com 3C905xx (100Mb PCI Adapter)
* 3Com Etherlink III 16BIT-ISA
* 3Com MegaHertz, model 3CCe589EC (PCMCIA)
* Trust NE2000+ Compatible EtherCombo/Pair/Coax-16 Ethernet Adapter
* Kingston KNE40-BT PCI Card
* RTL8029 PCI Ethernet Adapter
* RTL8139 Fast Ethernet Adapter (2002.02.13)
* D-Link DFE-500TX Fast Ethernet Adapter (Tulip chip series)
* Compex ReadyLink 100TX (100Mb PCI Adapter)
* Microsoft Virtual PC 2004 NIC emulation (with eCS running as guest)
* Many more...
=================================================================
2. I N S T A L L A T I O N I S S U E S
=================================================================
2.1 General
-----------
INSTALL.CMD backs up CONFIG.SYS and PROTOCOL.INI before updating
the files with the required changes.
The FXWRAP.SYS file will be automatically copied from the product
directory to x:\IBMCOM\PROTOCOL, where x: is the drive where MPTN is
installed.
IP Forwarding must be enabled in the OS/2 operating system. IP
Forwarding is a feature of the IP stack that allows packets to
traverse NICs - thereby allowing features such as NAT to work.
The feature can be enabled in the OS2 TCP/IP configuration or
simply by adding the line "IPGATE ON" to x:\MPTN\BIN\SETUP.CMD.
Reboot after installation is required if a new FXWRAP driver was
installed.
2.2 Creating Desktop icons
--------------------------
InJoy Firewall desktop icons on OS/2 are created by FOLDER.CMD.
You can run FOLDER.CMD right after driver installation and at any
future point in time.
FOLDER.CMD will always safely refresh/re-create your desktop icons. Also
at such times where you for example need to move the InJoy Firewall to a
new directory or when you re-install OS/2.
=================================================================
3. S Y S T E M I M P L I C A T I O N S
=================================================================
Installation of FXWRAP.SYS makes it impossible for MPTS.EXE to
correctly process PROTOCOL.INI. If you need to use MPTS to change
your network and protocol configuration, then uninstall FXWRAP,
make MPTS changes, and reinstall FXWRAP. Simply use INSTALL.CMD
to install and uninstall FXWRAP. Takes only a few seconds.
IMPORTANT: A new device driver can potentially cause malfunction and
failure to boot. This can be caused by conflict with hardware or other
device drivers and although unlikely, this may happen to you.
If you experience such troubles, you need to use OS/2 Warp's Maintenance
Desktop to recover your system. When you boot OS/2, you will see a white
box in the upper left hand corner followed by "OS/2." Hit ALT-F1, and a
menu pops up with several options such as immediately dropping to a
command line. Dropping to a command line allows you to manually uninstall.
Having done that you be able to reboot normally and contact F/X
Communications for further help.
=================================================================
4. M A N U A L I N S T A L L A T I O N
=================================================================
The InJoy Firewall offers automatic installation, be sure to check
that first (install.cmd).
This section offers guidance for manually installing the InJoy Firewall
by editing standard text files. Use manual installation for large scale
distribution and for non-standard installation on multiple network adapters.
To keep the InJoy Firewall simple for the most typical setup, it has been
intentionally designed for easy installation on ONE insecure interface.
You can however install the InJoy Firewall to multiple network interfaces,
in which case manual install to the second adapter is required.
4.1 Installing manually for ONE LAN interface
---------------------------------------------
To manually install the InJoy device driver, go through the following
steps:
1) Load FXWRAP.SYS in CONFIG.SYS.
Example: DEVICE=D:\FXWRAP\FXWRAP.SYS
To prevent Internet access, when InJoy isn't loaded, add /S.
2) Edit IBMCOM/PROTOCOL.INI to add the bindings for FXWRAP.SYS. Adding the
bindings will put FXWRAP.SYS in between the IP Stack and the actual
Network Adapter (NIC):
In the following 1 NIC setup, the installation process will require the
following change to the PROTOCOL.INI:
Before installation:
[TCPIP_nif]
DriverName = TCPIP$
Bindings = UL000XO_nif
[UL000XO_nif]
DriverName = ETHNE$
RamAddress = 0xD000
After installation:
[TCPIP_nif]
DriverName = TCPIP$
Bindings = FXWRAP_nif
[UL000XO_nif]
DriverName = ETHNE$
RamAddress = 0xD000
[FXWRAP_nif]
Drivername = FXWRAP1$
Bindings = UL000XO_nif
4.2 Installing manually for MULTIPLE LAN interfaces
---------------------------------------------------
To manually install more than one instance of the InJoy Firewall indicates
a configuration with at least 2 insecure interfaces. The InJoy Firewall
can be installed on every insecure insecure LAN interface, but only the
first copy of the driver can be installed using the install script.
Installing the second version of the InJoy Firewall requires these
manual steps:
1: Create an extra directory with a separate copy of the InJoy
Firewall installed
2: Edit CONFIG.SYS to load FXWRAP.SYS for every insecure LAN
interface. Example:
DEVICE=D:\IBMCOM\MACS\EL90X.OS2
DEVICE=D:\IBMCOM\MACS\FXWRAP.SYS
DEVICE=D:\IBMCOM\MACS\EL90X.OS2
DEVICE=D:\IBMCOM\MACS\FXWRAP.SYS
3: Edit PROTOCOL.INI to bind with both FXWRAP.SYS drivers. Example:
[TCPIP_nif]
DriverName = TCPIP$
Bindings = FXWRAP_nif,FXWRAP_nif2
[EL90XIO2_nif]
DriverName = EL90X$
MaxTransmits = 40
Slot = 9
[EL90XIO2_nif2]
DriverName = EL90X2$
MaxTransmits = 40
Slot = 8
[FXWRAP_nif]
Drivername = FXWRAP1$
Bindings = EL90XIO2_nif
[FXWRAP_nif2]
Drivername = FXWRAP2$
Bindings = EL90XIO2_nif2
4: In the InJoy Firewall configuration file, bind with the respective
FXWRAP.SYS driver by specifying its device ID. The first loaded
FXWRAP.SYS has device ID 1. Example of the two Firewall configuration
files below:
SETTINGS Device-Index = 1, ; bind to first loaded FXWRAP.SYS
Priority = 75,
---- cut ----
SETTINGS Device-Index = 2, ; bind to secondly loaded FXWRAP.SYS
Priority = 75,
---- cut ----
=================================================================
5. M A N U A L D E I N S T A L L A T I O N
=================================================================
5.1 Quick deinstallation
------------------------
The InJoy install script leaves backup copies of the modified
system files and restoring these brings your system back to
normal. The backup files are named with an .00? extension in
the same directory as the original files. Simply restore
CONFIG.SYS and PROTOCOL.INI from the the old backup copies.
After rebooting your system will be back normal.
5.2 Full manual deinstallation
------------------------------
The procedure to manually deinstall is described step by
step below. Caution: Your networking won't work if you
uninstall the wrong way:
1) Locate PROTOCOL.INI (usually located at in \IBMCOM directory).
2) Open PROTOCOL.INI in OS/2 System editor.
3) Locate FXWRAP section - should look like this:
[FXWRAP_nif]
Drivername = FXWRAP1$
Bindings = DC21X4
Note Bindings parameter
(DC21X4 is the network card used in our example).
Walk through PROTOCOL.INI, in order to locate the Bindings
parameter in each section. If a Binding parameter exists and
it points to FXWRAP, then replace each occurrence of FXWRAP_nif
with DC21X4.
Now, remove the FXWRAP_nif section and save PROTOCOL.INI.
4) Open CONFIG.SYS in OS/2 System editor.
5) Locate line that loads FXWRAP.SYS and remove it.
6) Save CONFIG.SYS and close editor.
7) Reboot your computer to deactivate FXWRAP.SYS
If you see error messages during boot-up or your network does not
work properly, then you should reboot into the Maintenance Desktop
and start a command line window. Using the command line window you
should check your uninstallation.
Comments
