
Forward traffic from one host:port to another one

Eric Martin_1
Occasional Contributor

Hi!
I have a Service Guard cluster running on HP-UX 11.0, and one of the Service Guard packages is an LDAP server. This LDAP server will be moved to a Linux box, and for some time we would like to forward all the traffic that is accessing this LDAP server to the new one. So basically I'd like to forward traffic from : to :. (host1 in this case is a Service Guard package).

Do you know if I need only ndd to achieve this? Or do I need extra software like IP filter? Has anyone already done this?

Thanks a lot...
Steven E. Protter
Exalted Contributor

Re: Forward traffic from one host:port to another one

Shalom,

ideas:
ipfilter for HP-UX might be able to do it.
See http://software.hp.com to see if it's still out there for 11.00.

Or:
Put a Linux box with firestarter on it in front of the HP-UX box and configure it to forward all traffic on certain ports to the new box and pass through everything else to the HP-UX box.

This second solution will work, I've done it.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Court Campbell
Honored Contributor
Solution

Re: Forward traffic from one host:port to another one

Another idea would be to try stunnel. You could have one stunnel daemon listen on host1:port1 and forward to localhost:portX. Then have another stunnel daemon listen on localhost:portX and have it forward to host2:port2. It sounds complicated but it really isn't.
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
rick jones
Honored Contributor

Re: Forward traffic from one host:port to another one

If LDAP was one of the service guard packages, that implies it had a unique associated IP address and name.

I can see where you might not be able to simply move the unique IP address to the new Linux (Integrity or ProLiant I trust :) server, but you should be able to just reassign the name->IP mapping in your DNS.

As for "forwarding" from within the stack, that means rewriting the headers (i.e. the IP header and the dst/src IP depending on the direction). I _think_ you can get ipfilter to do what you want, but you'd have to check the docs - http://docs.hp.com/ - it would involve the NAT functionality I suspect.

Another option is to write an application-level gateway. A rather simple/simplistic program which simply bound to the LDAP port on host1, and whenever it received a connection, it established a second connection to LDAP at host2:port2. When any data arrived on either of those sockets, it would be echoed to the other socket; whenever either socket closed, it would close the other socket. A select() or poll() call in there to allow the single-threaded program to handle many connections. Probably a couple hundred lines of code at most. If you weren't able or willing to write it yourself, I suspect that HP Services would be more than happy to for a nominal fee :)
there is no rest for the wicked yet the virtuous have no pillows
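A sketch of the application-level gateway described in the reply above, as an added example that is not code from any poster in this thread. It assumes Python 3.8+; the names `relay` and `close_pair`, the connection cap and the 5-second timeouts are choices made for this example.

```python
import selectors
import socket

def close_pair(sel, peers, sock):
    """When either side closes, close its partner as well."""
    for s in (sock, peers.pop(sock, None)):
        if s is not None:
            peers.pop(s, None)
            sel.unregister(s)
            s.close()

def relay(srv, target, stop, max_conns=256, log=print):
    """Copy bytes both ways between clients of srv and target until stop().

    srv is a listening socket bound to the one address being migrated (the
    package IP), not the wildcard; target is the new server's (host, port).
    """
    sel = selectors.DefaultSelector()
    sel.register(srv, selectors.EVENT_READ)
    peers = {}  # socket -> partner socket (two entries per connection)
    while not stop():
        for key, _ in sel.select(timeout=0.2):
            sock = key.fileobj
            if sock is srv:
                client, addr = srv.accept()
                try:
                    if len(peers) >= 2 * max_conns:
                        raise OSError("connection cap reached")
                    upstream = socket.create_connection(target, timeout=5)
                except OSError as exc:
                    log("refused %s:%d (%s)" % (addr + (exc,)))
                    client.close()
                    continue
                client.settimeout(5)  # bounds how long a stalled peer can block
                peers[client], peers[upstream] = upstream, client
                sel.register(client, selectors.EVENT_READ)
                sel.register(upstream, selectors.EVENT_READ)
                log("relay %s:%d -> %s:%d" % (addr + tuple(target)))
            elif sock in peers:  # skip sockets closed earlier in this batch
                try:
                    data = sock.recv(65536)
                    if data:
                        peers[sock].sendall(data)
                except OSError:
                    data = b""
                if not data:
                    close_pair(sel, peers, sock)
    while peers:
        close_pair(sel, peers, next(iter(peers)))
    sel.close()
```

The new server sees the relay host as the source of every connection, so the relay's log line is the only record of the real client address during the migration. The bytes are passed through unchanged, so whatever transport protection the LDAP clients did or did not use before still applies.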
Eric Martin_1
Occasional Contributor

Re: Forward traffic from one host:port to another one

Thanks a lot for these solutions!
I will go for the stunnel solution as it seems more simple. IPfilter would need to check all traffic on all network interfaces, and because I'm in a Service Guard environment with something like 15 IP addresses, it might have a more severe performance impact.