HPE Community
Operating System - HP-UX
1820271 Members
3178 Online
109622 Solutions
New Discussion юеВ

disabling/enabling ip forwarding

 
SOLVED
Go to solution
Rumen Ginev
Frequent Advisor

тАО08-15-2001 11:42 PM

тАО08-15-2001 11:42 PM

disabling/enabling ip forwarding

Hi,

I have HP-UX 10.20 system, configured as a firewall with Check Point 4.1. In /sbin/init.d there is a script which disables ip packets forwarding by the command:

echo "ipforwarding /W 0" | adb -w /stand/vmunix /dev/kmem

Further the forwarding is performed by the firewall components ( a driver in the kernel, device file and a daemon ).
When I stop firewall daemon, forwarding of course stops too.
In this situation I would like to enable the normal "Unix-level" forwarding. I am not familiar with adb, but I suppose the command could look like:

#echo "ipforwarding /W 1" | adb -w /stand/vmunix /dev/kmem

Is this OK or it will crash the system :-))?

Thanks,
Rumen
0 Kudos
Reply
5 REPLIES 5
Praveen Bezawada
Respected Contributor

тАО08-16-2001 12:07 AM

тАО08-16-2001 12:07 AM

Re: disabling/enabling ip forwarding

Hi
On HPUX1100 you can use ndd to set the value of IP_FORWARDING dynamically
try
ndd -h ip_forwarding
and to get the value
ndd -get /dev/ip ip_forwarding
and set it as
ndd -setr /dev/ip ip_forwarding [0-2]
You can permanently set it in the nddconf file
I am not sure if ndd is available in HP10.20

...BPK...
0 Kudos
Reply
melvyn burnard
Honored Contributor

тАО08-16-2001 12:07 AM

тАО08-16-2001 12:07 AM

Solution

Re: disabling/enabling ip forwarding

This should work with no problems.
You can test it after the reboot by doing:
echo "ipforwarding?D" | adb /stand/vmunix /dev/kmem
and
echo ipforwarding/D | adb /stand/vmunix /dev/kmem

Th first one checks the actual vmunix file, the second one checks th erunning kernel in memory


HTH
My house is the bank's, my money the wife's, But my opinions belong to me, not HP!
Reply
Sridhar Bhaskarla
Honored Contributor

тАО08-16-2001 10:16 AM

тАО08-16-2001 10:16 AM

Re: disabling/enabling ip forwarding

ndd is not available on 10.20. Your adb
should work. You may want to consider either of
these two options

1) Forward always
2) Forward only if you have two interfaces

0) disable ip forwarding

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

тАО08-16-2001 10:21 AM

тАО08-16-2001 10:21 AM

Re: disabling/enabling ip forwarding

Hi:

I have run Firewall1 on 10.20 and my solution was to use: nettune -s ip_forwarding 0
in an rc script. Ndd is not available under 10.20 but nettune is.

Clay
If it ain't broke, I can fix that.
0 Kudos
Reply
Craig Gilmore
Trusted Contributor

тАО08-16-2001 03:23 PM

тАО08-16-2001 03:23 PM

Re: disabling/enabling ip forwarding

I'm surprised that adb is being called to set this value. That may have been the only way to do it prior to 10.01 but since the advent of nettune it is much easier.

From the nettune man page:

To set the value of the ip_forwarding object to 1:

nettune -s ip_forwarding 1

The 1 enables forwarding and a 0 disables.

Nettune eventually does the call to adb but this way if you screw up you don't get an unfriendly error message.

I recommend nettune over adb when possible.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.