[prev in list] [next in list] [prev in thread] [next in thread] 

List:       hpux-admin
Subject:    [HPADM] [SUMMARY] disabling IP forwarding
From:       pablo () hp827 ! mecon ! ar
Date:       1997-09-30 1:00:01
[Download RAW message or body]

Hi 

Thanks to :

	Stephan, Felix <F.Stephan@lingl.com>
	Chuck Kenyon <chuck@npiww.com>
	Ilan Green <ilang@amdocs.com>
	dbudne@siac.com
	Yiming Zhang <yzhang@INTEGRIX.COM>
	taylorr3@nationwide.com


In few words, I must change ipforwarding in kernel with adb.

Here are the replies :

From: Ilan Green <ilang@amdocs.com>
-----------------------------------------------------------------------------
In order to disable ip forwarding on a 9.X you should add the following
lines to the /etc/rc:
echo "ipforwarding/W 0" | adb -w /hp-ux  /dev/kmem
echo "ipforwarding?W 0" | adb -w /hp-ux /dev/kmem

For hp-ux 10.X you have the /usr/contrib/bin/nettune utility which has
the ability to change 
the ip forwarding and other features.
-----------------------------------------------------------------------------




From: dbudne@siac.com
-----------------------------------------------------------------------------
There is no parameter to turn off ipforwarding. You may patch
the kernel with the script below. Add this into you /etc/localrc.

If you have multiple lan cards on the same segment and are running 
multiple subnets on the same physical media you MUST turn off ipforwarding
to avoid broadcast storms.

adb -w /hp-ux /dev/kmem << XXeofXX
ipforwarding/W 0
ipforwarding?W 0
XXeofXX
-----------------------------------------------------------------------------




From: Chuck Kenyon <chuck@npiww.com>
----------------------------------------------------------------
if you mean ip forwarding, hp just sent us an unsupported script the
other day that allows toggling the option in the active kernel and the
hp-ux kernel file.  If you rebuild the kernel for any reason, though,
the option may revert back to initial state (i'm not reaaly sure about
this behavior tho...)
I'll forward you the script in a subsequent mailing...

<< SCRIPT with the adb code stripped >>
----------------------------------------------------------------




From: "Stephan, Felix" <F.Stephan@lingl.com>
----------------------------------------------------------------
I mean, that it is not necessary to make any changes in the kernel

Please try to config the gatedeamon in the file /etc/gated.conf and
use the parameter "noannounce" to disable the routing into your 2nd net.
----------------------------------------------------------------
R : I'm not running gated, but thanks



From: Yiming Zhang <yzhang@INTEGRIX.COM>
----------------------------------------------------------------
I never use HPUX, on Solaris, there is a command "ndd" to set this.
BTW, (also on Solaris), you can ifconfig one of the NIC as "private"
so that the local LAN router do not advertise this IP in its
route table, so if only this NIC has different subnet IP, no outsider
can reach it. Hope HP has similiar functions.
----------------------------------------------------------------
R : no, HPUX don't have 'ndd' or 'private' options, but thanks



--
             ---> Please post QUESTIONS and SUMMARIES only!! <---
        To subscribe/unsubscribe to this list, contact majordomo@cv.ruu.nl
  Name: hpux-admin@cv.ruu.nl                 Owner: owner-hpux-admin@cv.ruu.nl
 
 Archive:     ftp.cv.ruu.nl/pub/digests/hpux-admin       (FTP, browse only):
   *NEW*:     http://www.dutchworks.nl/htbin/hpsysadmin   (Web, browse & search)

[prev in list] [next in list] [prev in thread] [next in thread]