Chapter 4. Implementation scenario: Tivoli Firewall Security Toolbox 131
Children-remote-list=tic01004+7020
Children-cm-type=cm-tcp-unidirectional
buffer-size=1024
[Children-cm-info]
connection-mode=client
local-port-range=4000-4010
In order to make these changes effective we need to stop/star t the RC Target
Proxy service.
The Relay.cfg configuration file
The relay.cfg file contains all the information related to the Relay settings we
specified during the Relay component installation,. This file is located in the
Relay installation directory and can be modified at any time. Example 4-4 shows
the Relay configuration file based on the values we provided in Table 4-6 on
page 127 immediately after the installation process.
Example 4-4 The Relay.cfg after the installation
[communication-layer]
Children-local-port=7021
Children-remote-list=tic01005+8020
parent-local-port=7020
parent-remote-host=tic01003
parent-remote-port=6020
parent-cm-type=cm-tcp-unidirectional
Children-cm-type=cm-tcp-unidirectional
[log]
log-file=Relay.log
debug-level=3
max-size=1
[parent-cm-info]
connection-mode=server
[Children-cm-info]
connection-mode=client
In order to have a more restrictive security communication between the Relay
and the RC Controller Proxy, we decided to define a range of ports the RC
Target Proxy could communicate with the Relay. Similarly to the RC Proxies, this
can be achieved by using the local-port-range parameter in the
[children-cm-info] clause of the Relay.cfg file. In our scenario, we specified a
port range with only 2 ports (4023-4024) that will allow this Relay to act as Parent
for up to 2 Child Proxies. Example4-5 shows the resulting rcproxy.cfg file on the
Relay: