Configure SAProuter without SNC
To start SAProuter: from the UNIX prompt, enter saprouter -r.
This command starts SAProuter and loads the file saprouttab (router permission table), which
defines access control. If this file does not exist, you need to create it.
A route permission table must be used as of version 25 of the SAProuter.
You can start SAProuter automatically when you start the system. In UNIX, for example, change
your file /etc/rc accordingly.
The main SAProuter commands are:
saprouter: Display a complete list of the SAProuter parameters (all options and
examples of a route permission table) on your screen
saprouter -r: Start SAProuter
saprouter -s: Stop SAProuter
Testing Basic SAProuter Functions
Before you work with SAProuter, you should check for any network problems.
You will need the programs saprouter and niping, and three open windows (shells) on one or
Start SAProuter in window 1 (on host1) by entering the command: saprouter -r.
This command starts SAProuter without parameters.
Refer also to the online help for a complete list of SAProuter commands. To get online
help, type saprouter.
In window 2 (host2), start the test program niping to emulate a test server by entering the
command: niping -s
In window 3 (host3), start the test program niping to emulate a client by entering the
command: niping -c -H host2
This command tests the connection without the SAProuter, that is directly between host
2 and host 3.
In window 3, restart the test program niping by entering the command: niping -c -H
This command tests the connection with SAProuter. A host name is interpreted as a
route (via one or more SAProuters to the server), if the host name is preceded with /H/.
In steps 3 and 4 several data packets are sent to the server and then returned by the
Self-Test for the Local Host
To carry out a self-test for the local host:
Stop all active niping servers and clients
Enter the command niping -t
A list is displayed with function names, parameters and return codes.
The following message appears if the self-test is successful: "*** SELFTEST O.K. ***"
Define Passwords & Authorizations in SAProuter
You set passwords and access permissions for your system in user-defined files known as route
permission tables. You use a standard text editor to create a route permission table.
You can allow access to and from specified application servers in your LAN via your SAProuter.
You can also password protect the routes you define. To do this, you must create and configure
a separate route permission table for each SAProuter in your network.
A route permission table contains the host names and port numbers of the preceding and
subsequent point of the route, and any passwords required to make the connection.
Entries in a route permission table look like this:
< P/D> <source-host> <dest-host> <dest-serv> <password>
Here, <source-host> and <dest-host> could be SAProuters.
P(ermit) allows SAProuter to build the connection. P(ermit) entries can include a password.
SAProuter checks that this password matches the password sent by the client.
D(eny) prevents the connection from being built.
You can also include comment lines, which must begin with ‘#'.
If a client of <source-host> wants to connect with <dest-host> <dest-serv> via a SAProuter, the
SAProuter checks its route permission before making the connection. If the password and route
that SAProuter receives are identical to the entries in the route permission table, SAProuter will
make the connection. If the passwords are not identical, SAProuter will not make the
If no route permission table was assigned explicitly to the SAProuter, ./saprouttab is used. If this
file is not available, connections are made without a check, that is, all connections are allowed.
You can include wildcards ("*") in hosts, ports and passwords.
You can include subnetworks in host routes.
156.56.*.* all host addresses beginning with 156.56
133.27.17.* all host addresses beginning with 133.27.17
156.56.1011xxxx all host addresses from 156.56.176.* to 156.56.191.*.
(This is a binary interpretation of the third byte of the address. ‘x' is a binary wildcard.)
You can display a sample route permission table on your screen. To do this, call the SAProuter
online help: saprouter.
If there are several suitable entries, the first one is selected. This is important for the sequence
of the permit/deny rules.
Additional SAProuter Options
Getting SAProuter information from remote computers
You can display a list of all currently active clients in an active SAProuter.
To get a list of the clients for an active SAProuter:
Enter the command: saprouter -l -H host -P password.
If required, you can define a password in the route permission table. If no host name is
specified, the program will connect via localhost to the SAProuter on the same host. If the query
does not come from the same host, the SAProuter checks whether its route permission table
allows the combination: <other_host> localhost <router_service>. This entry can also include a
password. The password is checked against the information password sent by the calling
program. The host name can also contain a route.
connection from (client name / address)
connection to (partner name / address)
connection requests rejected by the route permission table
Changing the name of the route permission table
When you start your SAProuter, you can enter a route permission table differing from the default
setting "saprouttab" using the option -R: saprouter -r -R aclfile (aclfile is the name of the file
contained in the route permission table). This is helpful when you need multiple route
Changing the timeout default value for connection setup
When you start your SAProuter, you can change the default timeout setting of five seconds for
the connection setup using the option -W: saprouter -r -W timeout (timeout is the new timeout in
milliseconds). Use this option if you have problems with dynamically established connections via
ISDN or network providers.