Help on Relay Agents

What is a relay?
Adding a relay
- Setting the relay destination port
- Special protocol support
Removing or changing a relay
Relays for World Wide Web clients
Relays for Telnet, SMTP and FTP

Relay Agent Configuration

What is a relay?

A Fire Door relay is a link between your private network and the Internet. Each relay connects a TCP or UDP port on your private network to a similar port on another machine.

For example, the most common relay is for the World Wide Web. Fire Door is normally configured to relay WWW requests between your private network and the "proxy" server belonging to your service provider. Any number of relays can be added for any TCP or UDP based service, including Telnet and SMTP.

Fire Door has a permanent relay for the "SOCKS" protocol on port 1080. This protocol was specifically design for firewalls, and allows SOCKS enabled applications to access any Internet resource. Netscape Navigator is an example of a SOCKS enabled application.

Port 1081 is used for the Fire Door HTTP port.

Adding a new relay

Three pieces of information are required to set up a relay:

the number of the port, or the service name, to be relayed,
the transport used by the protocol (UDP or TCP)
the IP number or name of the host machine that the service is to be relayed to

For example, to set up a World Wide Web relay from your Fire Door machine to your service provider, you might have the following:

the service name is "www", or the port number is 80
the transport used is TCP
the name of your service provider host might be "host.isp.com"

To add this relay to your configuration, go to the Add New Relay form and type the service name and the transport type separated by a "/" character into the field labeled "New relay service". For the example above, the string entered would be "www/tcp" or "80/tcp".

The name or IP number of the destination host machine should then be entered into the field labeled "New relay destination".

Once these values are entered, click the button labelled "Accept". A new page will be displayed confirming that the relay agent has been added. Use the "Back" button on your Internet browswer to return to the Relay Agent page, which should appear with the new relay agent in the list of Currently Active Relays.

NOTE: - the use of strings for specifying relay service ports, rather than explicit port numbers, is encouraged.

Setting the relay destination port

By default, the port number used on the relay destination will be the same as the port specified for the service name. This can be changed by specifiying a port number or service name after the relay destination separated by a colon (":") character.

For example, to map port 2000 on your Fire Door host to the "www" port of the machine called "another.isp.com", you could use the values "2000/tcp" and "another.isp.com:www"

Special protocol support

A Fire Door relay normally connects a service to a single host. For example, a normal relay will connect the Telnet port (23/tcp) on the Fire Door host to the Telnet port on another machine, allowing any user on your private network to Telnet to that machine as though it were on the local network.

For some protocols however, it is useful to allow a single port to connect to any number of hosts. By specifying the relay destination as the special string "(ASK)", Fire Door will prompt the user connecting to that port, eg via Telnet, to for the name of the host to connect when they connect to that port. For an example of how to set up a general Telnet port using this method, see Relays for Telnet, SMTP and FTP below.

Removing or changing a relay

Removing a relay agent can be done by deleting the contents of the relay destination field field in the correct entry of the Currently Active Relays list. After pressing the "Accept" button and returning to the Relay Agent page, the relay agent will have been removed.

If you need to change the relay destination of a relay agent, enter the new value into the correct field of the Currently Active Relays list and then press the "Accept" button. This will update the relay agent configuration with the new information.

NOTE: It is not possible to change the relay service field of a relay in the Currently Active Relays list. To change the port and protocol of a relay, first remove the agent and then add it again with the new paramaters.

Relays for World Wide Web clients

If you are using a SOCKS enabled browser, such as Netscape Navigator, then the automatic SOCKS relay agent in Fire Door will perform all of the relaying of 'Web requests. In this case, no relay for the "www/tcp" service will be required. See Configuring a SOCKS client for more information on configuring SOCKS browsers.

If you are using Microsoft Internet Explorer, or any other non-SOCKS browser, you will need to add a relay for the "www/tcp" service to your Fire Door configuration. See Add a "www/tcp" relay for more information. In this case, you will only be able to get full Web capability if your service provider is using a proxy server. Fortunately, most service providers use proxy servers to increase performance.

Contact your service provider if you are unsure whether they provide a proxy service.

Relays for Telnet, SMTP and FTP

Other common relays that may be configured are: