HPE Community
Operating System - HP-UX
1753587 Members
6567 Online
108796 Solutions
New Discussion

FTP via package IP

 
SOLVED
Go to solution
chindi
Respected Contributor

‎12-22-2014 10:57 PM - last edited on ‎12-23-2014 06:04 PM by

‎12-22-2014 10:57 PM - last edited on ‎12-23-2014 06:04 PM by

FTP via package IP

Hi guys,

 

We are using 11iv3 servers , SG 11.20 , when we ftp some file from our server to target its going via physical IP , Our network guy saying can you change it such that the traffic must go via package IP ?

Is it possible in HPUX ?

If yes then how can we achieve it ?

 

 

P.S. This thread has been moved from Networking to HP-UX > Serviceguard. - Hp Forum Moderator

0 Kudos
Reply
3 REPLIES 3
Bill Hassell
Honored Contributor

‎12-23-2014 07:32 AM

‎12-23-2014 07:32 AM

Re: FTP via package IP

For Service Guard nodes, there is a local IP address that is reserved for maintenance only. The package IP is tied to the package and remains unchanged regardless of which node in the cluster is running the package. Always use the package IP address for package data. The node IP addresses should be used only for cluster changes, never for package data.



Bill Hassell, sysadmin
0 Kudos
Reply
chindi
Respected Contributor

‎12-24-2014 03:28 AM

‎12-24-2014 03:28 AM

Re: FTP via package IP

Hi Bill,

 

 I got solution for this reqmnt in one of forum , but its not working for us.

 


You are initiating a FTP session from a cluster node running the package. You want the target to think the FTP session is coming from the "package" IP instead of the permenant IP on the node. Correct?

What we did to work around this was to add a route specific to the target system.

/usr/sbin/route add host target-ip gateway-ip

The target is the system you want to connect to, the gateway would be your package IP. This made it appear to the target system that the connection came from the package IP and not the permenant IP.

 


Our ftp to destination server gets completely blocked.

 

 

 

 

0 Kudos
Reply
Bill Hassell
Honored Contributor

‎12-24-2014 08:34 AM - edited ‎12-24-2014 08:37 AM

‎12-24-2014 08:34 AM - edited ‎12-24-2014 08:37 AM

Solution

Re: FTP via package IP

OK. The FTP session must be initiated by the package. This is a case where the program (FTP) needs to call bind() in order to associate the source as a specific IP address, but standard ftp doesn't have this option. This has been discussed a lot but I haven't seen an official HP Service Guard solution yet. The best discussion is in the gray paper by Olivier S. Massé a few years ago:

 

Understanding HP-UX Routing gray paper

 

However, the best solution would be to use scp/sftp as it has the BindAddress option. scp/sftp also encrypts the data which is an important security feature, one that ftp does not have:

 

sftp -o BindAddress=12.34.56 user_name@target_IP



Bill Hassell, sysadmin
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.