
MC/ServiceGuard - Firewall Rules with Logical vs. Physical IP address

 


In the MC/ServiceGuard configuration a 'socket' application must BIND the logical IP address to the 'socket' client program via the 'bind' C system call to assure the 'outbound' IP packet matches the logical IP address and not the physical IP address of the NIC. The Oracle 'LISTENER' does this internally by default, but for in-house applications and external third party interfaces it becomes a challenge to perform the BIND.

The reason for contemplating this is to eliminate the need for additional firewall rules in the event of the 'package' moving to another server with a different physical IP address, not to mention Port Aggregation.

My questions:
What are the alternatives in dealing with the challenges as described above?

Handling a 'socket' is one thing, but what about 'ftp', which I am led to believe traverses through the kernel on the 'outbound' transmissions, so you have no control unless you configure an enterprise 'ftp' server solution?

Any further opinions or discussion would be appreciated.
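The bind-before-connect pattern the question describes, as an added example that is not part of the original thread: `connect_from` pins the outbound source address, and `peer_sees` is a loopback self-check that reports the source address a listener actually observes, which is the address a firewall rule would match. Both function names are hypothetical; `127.0.0.2` stands in for the package's relocatable IP and assumes a Linux-style loopback where all of 127.0.0.0/8 is local.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>

/* Connect to dst_ip:port with the source address pinned to src_ip
 * (the package's relocatable IP). Returns a connected fd, or -1. */
int connect_from(const char *src_ip, const char *dst_ip, unsigned short port)
{
    struct sockaddr_in src = {0}, dst = {0};
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    src.sin_family = AF_INET;
    src.sin_port = 0;                 /* kernel picks the ephemeral port */
    dst.sin_family = AF_INET;
    dst.sin_port = htons(port);
    /* bind() fails (EADDRNOTAVAIL) when src_ip is not configured on this node */
    if (inet_pton(AF_INET, src_ip, &src.sin_addr) != 1 ||
        inet_pton(AF_INET, dst_ip, &dst.sin_addr) != 1 ||
        bind(fd, (struct sockaddr *)&src, sizeof src) < 0 ||
        connect(fd, (struct sockaddr *)&dst, sizeof dst) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Self-check: listen on 127.0.0.1, connect with the pinned source, and copy
 * the source address the listener saw into `seen`. Returns 0 on success. */
int peer_sees(const char *src_ip, char *seen, size_t len)
{
    struct sockaddr_in a = {0}, peer;
    socklen_t alen = sizeof a, plen = sizeof peer;
    int rc = -1, c = -1, s = -1;
    int l = socket(AF_INET, SOCK_STREAM, 0);
    if (l < 0) return -1;
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* port 0: any free port */
    if (bind(l, (struct sockaddr *)&a, sizeof a) == 0 && listen(l, 1) == 0 &&
        getsockname(l, (struct sockaddr *)&a, &alen) == 0 &&
        (c = connect_from(src_ip, "127.0.0.1", ntohs(a.sin_port))) >= 0 &&
        (s = accept(l, (struct sockaddr *)&peer, &plen)) >= 0 &&
        inet_ntop(AF_INET, &peer.sin_addr, seen, len) != NULL)
        rc = 0;
    if (s >= 0) close(s);
    if (c >= 0) close(c);
    close(l);
    return rc;
}
```

A failed `bind` here is a useful signal in its own right: it means the package IP is not up on the node where the client is running.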

James R. Ferguson
Acclaimed Contributor

Re: MC/ServiceGuard - Firewall Rules with Logical vs. Physical IP address

Alan:

See the comments and references by John Palmer in this thread. Hopefully this helps:

http://forums.itrc.hp.com/cm/QuestionAnswer/1,1150,0xb3b3d06ed8c8d4118fef0090279cd0f9,00.html

...JRF...