InJoy Firewall for OS/2(R) Warp and eComstation(tm) Platform specific configuration and installation README. ================================================================= C O N T E N T S ================================================================= 1.0 Prerequisites 2.0 Installation issues 3.0 System Implications 4.0 Manual Installation 5.0 Manual Deinstallation ================================================================= 1. P R E R E Q U I S I T E S ================================================================= You are about to install a product that adds a new device driver (FXWRAP.SYS) to your OS/2 system. The device driver layers with existing device drivers shipped with your LAN adapter(s) and incompatibility or bugs in these drivers CAN potentially cause hazard to your OS/2 system. If you are NOT experienced in the following areas: * TCP/IP networking and routing * OS/2 recovery options (i.e. the Maintenance Desktop) THEN please backup critical data before installing this software and/or consult a local expert or seek help on the Internet. F/X Communications will in no way be held responsible for malfunctions or data loss inflicted by our software. 1.1 Supported Software ---------------------- InJoy will run on any of the below OS/2 platforms: * IBM OS/2 Warp(R) 3.x * IBM OS/2 Warp(R) 3.x Server * IBM OS/2 Warp(R) 4.x * IBM OS/2 Warp(R) 4.x Server for e-Business * eComstation(tm) 1.x, 2.x InJoy will generally work with any IBM TCP/IP stack. The following TCP/IP stacks have been tested by F/X: * TCP/IP 4.0e * TCP/IP 4.0y * TCP/IP 4.1 * TCP/IP 4.3x For PPP protocol variants, such as PPTP, PPPoE, apply IBM TCP/IP 4.3 fixes from: ftp://ps.software.ibm.com/ps/products/tcpip/fixes/v4.3os2/ic27649/ 1.2 Supported Hardware ---------------------- The InJoy Firewall has been tested with a multitude of Network Adapters on OS/2. Below a small list of (some of) the tested adapters: * 3Com Fast EtherLink/EtherLink XL Family OS/2 (3C900) * 3Com 3C905xx (100Mb PCI Adapter) * 3Com Etherlink III 16BIT-ISA * 3Com MegaHertz, model 3CCe589EC (PCMCIA) * Trust NE2000+ Compatible EtherCombo/Pair/Coax-16 Ethernet Adapter * Kingston KNE40-BT PCI Card * RTL8029 PCI Ethernet Adapter * RTL8139 Fast Ethernet Adapter (2002.02.13) * D-Link DFE-500TX Fast Ethernet Adapter (Tulip chip series) * D-Link DFE-530TX+ PCI Fast Ethernet Adapter * Compex ReadyLink 100TX (100Mb PCI Adapter) * Microsoft Virtual PC 2004 NIC emulation (with eCS running as guest) * Zonet ZEN3200 10/100 PCI Fast Ethernet Adapter * Many more... ================================================================= 2. I N S T A L L A T I O N I S S U E S ================================================================= 2.1 General ----------- INSTALL.CMD backs up CONFIG.SYS and PROTOCOL.INI before updating the files with the required changes. The FXWRAP.SYS file will be automatically copied from the product directory to x:\IBMCOM\PROTOCOL, where x: is the drive where MPTN is installed. IP Forwarding must be enabled in the OS/2 operating system. IP Forwarding is a feature of the IP stack that allows packets to traverse NICs - thereby allowing features such as NAT to work. The feature can be enabled in the OS2 TCP/IP configuration or simply by adding the line "IPGATE ON" to x:\MPTN\BIN\SETUP.CMD. Reboot after installation is required if a new FXWRAP driver was installed. 2.2 Creating Desktop icons -------------------------- InJoy Firewall desktop icons on OS/2 are created by FOLDER.CMD. You can run FOLDER.CMD right after driver installation and at any future point in time. FOLDER.CMD will always safely refresh/re-create your desktop icons. Also at such times where you for example need to move the InJoy Firewall to a new directory or when you re-install OS/2. ================================================================= 3. S Y S T E M I M P L I C A T I O N S ================================================================= Installation of FXWRAP.SYS makes it impossible for MPTS.EXE to correctly process PROTOCOL.INI. If you need to use MPTS to change your network and protocol configuration, then uninstall FXWRAP, make MPTS changes, and reinstall FXWRAP. Simply use INSTALL.CMD to install and uninstall FXWRAP. Takes only a few seconds. IMPORTANT: A new device driver can potentially cause malfunction and failure to boot. This can be caused by conflict with hardware or other device drivers and although unlikely, this may happen to you. If you experience such troubles, you need to use OS/2 Warp's Maintenance Desktop to recover your system. When you boot OS/2, you will see a white box in the upper left hand corner followed by "OS/2." Hit ALT-F1, and a menu pops up with several options such as immediately dropping to a command line. Dropping to a command line allows you to manually uninstall. Having done that you be able to reboot normally and contact F/X Communications for further help. ================================================================= 4. M A N U A L I N S T A L L A T I O N ================================================================= The InJoy Firewall offers automatic installation, be sure to check that first (install.cmd). This section offers guidance for manually installing the InJoy Firewall by editing standard text files. Use manual installation for large scale distribution and for non-standard installation on multiple network adapters. To keep the InJoy Firewall simple for the most typical setup, it has been intentionally designed for easy installation on ONE insecure interface. You can however install the InJoy Firewall to multiple network interfaces, in which case manual install to the second adapter is required. 4.1 Installing manually for ONE LAN interface --------------------------------------------- To manually install the InJoy device driver, go through the following steps: 1) Load FXWRAP.SYS in CONFIG.SYS. Example: DEVICE=D:\FXWRAP\FXWRAP.SYS To prevent Internet access, when InJoy isn't loaded, add /S. 2) Edit IBMCOM/PROTOCOL.INI to add the bindings for FXWRAP.SYS. Adding the bindings will put FXWRAP.SYS in between the IP Stack and the actual Network Adapter (NIC): In the following 1 NIC setup, the installation process will require the following change to the PROTOCOL.INI: Before installation: [TCPIP_nif] DriverName = TCPIP$ Bindings = UL000XO_nif [UL000XO_nif] DriverName = ETHNE$ RamAddress = 0xD000 After installation: [TCPIP_nif] DriverName = TCPIP$ Bindings = FXWRAP_nif [UL000XO_nif] DriverName = ETHNE$ RamAddress = 0xD000 [FXWRAP_nif] Drivername = FXWRAP1$ Bindings = UL000XO_nif 4.2 Installing manually for MULTIPLE LAN interfaces --------------------------------------------------- To manually install more than one instance of the InJoy Firewall indicates a configuration with at least 2 insecure interfaces. The InJoy Firewall can be installed on every insecure LAN interface, but only the first copy of the driver can be installed using the install script. Installing the second version of the InJoy Firewall requires these manual steps: 1: Create an extra directory with a separate copy of the InJoy Firewall installed 2: Edit CONFIG.SYS to load FXWRAP.SYS for every insecure LAN interface. Example: DEVICE=D:\IBMCOM\MACS\EL90X.OS2 DEVICE=D:\IBMCOM\MACS\FXWRAP.SYS DEVICE=D:\IBMCOM\MACS\EL90X.OS2 DEVICE=D:\IBMCOM\MACS\FXWRAP.SYS 3: Edit PROTOCOL.INI to bind with both FXWRAP.SYS drivers. Example: [TCPIP_nif] DriverName = TCPIP$ Bindings = FXWRAP_nif,FXWRAP_nif2 [EL90XIO2_nif] DriverName = EL90X$ MaxTransmits = 40 Slot = 9 [EL90XIO2_nif2] DriverName = EL90X2$ MaxTransmits = 40 Slot = 8 [FXWRAP_nif] Drivername = FXWRAP1$ Bindings = EL90XIO2_nif [FXWRAP_nif2] Drivername = FXWRAP2$ Bindings = EL90XIO2_nif2 4: In the InJoy Firewall configuration file, bind with the respective FXWRAP.SYS driver by specifying its device ID. The first loaded FXWRAP.SYS has device ID 1. Example of the two Firewall configuration files below: SETTINGS Device-Index = 1, ; bind to first loaded FXWRAP.SYS Priority = 75, ---- cut ---- SETTINGS Device-Index = 2, ; bind to secondly loaded FXWRAP.SYS Priority = 75, ---- cut ---- ================================================================= 5. M A N U A L D E I N S T A L L A T I O N ================================================================= 5.1 Quick deinstallation ------------------------ The InJoy install script leaves backup copies of the modified system files and restoring these brings your system back to normal. The backup files are named with an .00? extension in the same directory as the original files. Simply restore CONFIG.SYS and PROTOCOL.INI from the the old backup copies. After rebooting your system will be back normal. 5.2 Full manual deinstallation ------------------------------ The procedure to manually deinstall is described step by step below. Caution: Your networking won't work if you uninstall the wrong way: 1) Locate PROTOCOL.INI (usually located at in \IBMCOM directory). 2) Open PROTOCOL.INI in OS/2 System editor. 3) Locate FXWRAP section - should look like this: [FXWRAP_nif] Drivername = FXWRAP1$ Bindings = DC21X4 Note Bindings parameter (DC21X4 is the network card used in our example). Walk through PROTOCOL.INI, in order to locate the Bindings parameter in each section. If a Binding parameter exists and it points to FXWRAP, then replace each occurrence of FXWRAP_nif with DC21X4. Now, remove the FXWRAP_nif section and save PROTOCOL.INI. 4) Open CONFIG.SYS in OS/2 System editor. 5) Locate line that loads FXWRAP.SYS and remove it. 6) Save CONFIG.SYS and close editor. 7) Reboot your computer to deactivate FXWRAP.SYS If you see error messages during boot-up or your network does not work properly, then you should reboot into the Maintenance Desktop and start a command line window. Using the command line window you should check your uninstallation.