Operating System - HP-UX

Re: Able to ssh but not ping and telnet

 
SOLVED
Pattabhi
Frequent Advisor

Able to ssh but not ping and telnet

Hi,

OK, I think I have cracked my head enough, so time to pull the gurus in...

I have just installed an 11.23 OS on a new box. After all the configs are over, I am only able to ssh to the box and log in to it. I am not able to ping the box (host unreachable) and not even able to telnet.

I am able to ping other unix boxes from the HP box, but not vice versa... even a traceroute times out...

I am not sure if I am missing anything; any help is appreciated. Also let me know if I need to check for any firewall settings and if yes, how?

Regards,
Pattabhi Raman
4 REPLIES 4
Sundar_7
Honored Contributor

Re: Able to ssh but not ping and telnet

Pattabhi,

This is probably because you have the ipmon (host firewall) running.

# ps -ef | grep -i ipmon

Stop ipmon (killing it using kill may not be a very good idea here).

Sundar.
Learn What to do, How to do and more importantly When to do?
Solution

Re: Able to ssh but not ping and telnet

I think you selected a high predefined security level during installation. See http://docs.hp.com/en/5991-4794/ch03s05.html

You may manually configure ipfilter (ipf) and inetd yourself OR remove Sec20MngDMZ and Sec30DMZ by swremove.

I suggest you remove Sec20MngDMZ and Sec30DMZ but leave Sec10Host, and then manually configure inetd and ipf if you need higher security.
Emil Velez
Honored Contributor

Re: Able to ssh but not ping and telnet


HPUX has a security feature called Bastille. It allows you to automatically configure your system for varying levels of security.

One of the options from the OS install CDs is to install a certain Bastille configuration. It looks like you installed a Bastille configuration where SSH is enabled but either inetd is not running or the entries for telnet, ftp etc. are disabled in inetd.conf.

In addition, HPUX has a firewall feature called ipfilter. One of the features of ipfilter is to not reply to icmp or certain IP or mac addresses. The IPFILTER firewall can also be configured by Bastille to not reply to pings.

This really is a great feature to hide the system from network snooping.

Good luck

Emil
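Added example (not part of the original thread and not HP's or Bastille's code): a small evaluator for a subset of ipf.conf syntax, showing how an IPFilter ruleset can leave SSH reachable while inbound ping and telnet are dropped. The ruleset is constructed for illustration and is an assumption, not the rules that the Sec20MngDMZ/Sec30DMZ bundles install; the function names are hypothetical.

```python
import re

# Constructed ruleset in ipf.conf syntax (illustrative assumption; not the
# rules actually installed by Bastille or the Sec20MngDMZ/Sec30DMZ bundles).
SAMPLE_RULES = """\
block in all
pass in quick proto tcp from any to any port = 22 keep state
pass out all
"""

# Only this subset is understood: action, direction, optional 'quick',
# optional 'proto', and either 'all' or 'from any to any [port = N]'.
RULE_RE = re.compile(
    r"^(?P<action>pass|block)\s+(?P<dir>in|out)\s+(?P<quick>quick\s+)?"
    r"(?:proto\s+(?P<proto>\S+)\s+)?"
    r"(?:all|from\s+any\s+to\s+any(?:\s+port\s*=\s*(?P<port>\d+))?)"
)

def parse_rules(text):
    """Parse the supported ipf.conf subset into a list of dicts."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unsupported rule: {line}")
        rules.append(m.groupdict())
    return rules

def verdict(rules, direction, proto, port=None):
    """Last matching rule wins; a matching 'quick' rule stops evaluation.
    No matching rule means 'pass' (the stock IPFilter default)."""
    result = "pass"
    for r in rules:
        if (r["dir"] != direction
                or (r["proto"] and r["proto"] != proto)
                or (r["port"] and int(r["port"]) != port)):
            continue
        result = r["action"]
        if r["quick"]:
            break
    return result

def reachability(rules):
    """Inbound verdicts for the three probes described in the thread."""
    probes = {"ssh": ("tcp", 22), "telnet": ("tcp", 23), "ping": ("icmp", None)}
    return {name: verdict(rules, "in", *p) for name, p in probes.items()}

if __name__ == "__main__":
    print(reachability(parse_rules(SAMPLE_RULES)))
```

On the host itself, `ipfstat -io` lists the loaded inbound and outbound rules that would take the place of the sample text.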
Pattabhi
Frequent Advisor

Re: Able to ssh but not ping and telnet

Thanks mates... I had no idea about Bastille, until you guys enlightened me about it...

Thanks
Pattabhi Raman