HPE Community
Operating System - HP-UX
1833875 Members
2037 Online
110063 Solutions
New Discussion

Re: How to avoid pinging default gateway

 
Roberto Volsa
Frequent Advisor

‎03-26-2006 08:49 PM

‎03-26-2006 08:49 PM

How to avoid pinging default gateway

Hello all,
i need that my C3600 wsn should not ping the default gateway, also if this is configured in netconf file.
Any suggestion?

Thanks in advance
0 Kudos
Reply
4 REPLIES 4
Muthukumar_5
Honored Contributor

‎03-26-2006 09:01 PM

‎03-26-2006 09:01 PM

Re: How to avoid pinging default gateway

You can set in your default gateway machine. There is a possiblity to do there in server side. However, changes will effect to all machines.

If you want to do in your hp-ux machine then,

1) Remove route entry which leads to gateway (It is not possible when you are having default route)

2) Write a wrapper to ping and check the ip-address | hostname given to ping and call the reall ping binary if it is not gateway.

--
Muthu
Easy to suggest when don't know about the problem!
0 Kudos
Reply
Senthil Kumar .A_1
Honored Contributor

‎03-26-2006 09:02 PM

‎03-26-2006 09:02 PM

Re: How to avoid pinging default gateway

Hi,

If your intension is just to block the ping packets "ICMP/ECHO".. then try "ipfilter" product that is included with 11i by default.

You need to check whether the product is installed or not..

$ /usr/sbin/swlist | grep -i ipfilter

If/Once installed try this doc to acheive your requirement...

http://www.docs.hp.com/en/B9901-90018/index.html

Regards,
Senthil Kumar .A
Let your effort be such, the very words to define it, by a layman - would sound like a "POETRY" ;)
0 Kudos
Reply
Senthil Kumar .A_1
Honored Contributor

‎03-26-2006 09:16 PM

‎03-26-2006 09:16 PM

Re: How to avoid pinging default gateway

Hi again,

If IPfilter product is configured , the rule mentioned below specifically will acheive your requirement...

The rule for blocking the ping to the router is shown below... I have assumed the router IP to be "192.168.1.1". icmp-type 8 is "ping"

block out quick on lan0 proto icmp to 192.168.1.1 icmp-type 8

For more info ..refer below...

http://docs.hp.com/en/B9901-90014/ch02s03.html

Regards,
Senthil Kumar .A
Let your effort be such, the very words to define it, by a layman - would sound like a "POETRY" ;)
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎03-26-2006 09:53 PM

‎03-26-2006 09:53 PM

Re: How to avoid pinging default gateway

For HP-UX ver 11.00 and up, there is a dead gateway detection feature that is on by default. This feature will ping the gateway every few minutes to make sure it is still there. For security, many network admins will disable ping responses for the gateway and HP-UX will disable the route after a few minutes.

To see if the setting is turned on or off, use:

ndd -get /dev/ip ip_ire_gw_probe

1 means the detection feature is enabled. To turn off this feature:

ndd -set /dev/ip ip_ire_gw_probe 0

This is a temporary change. To make it permanent, edit your /etc/rc.config.d/nddconf file to add:

TRANSPORT_NAME[0]=ip
NDD_NAME[0]=ip_ire_gw_probe
NDD_VALUE[0]=0

Be sure to substitute the next available array element for [0] in case [0] is already in use.

Note also that for 11.00, early versions of ndd had a bug that prevented the changes in nddconf from taking effect. Get the latest ndd patch.


Bill Hassell, sysadmin
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.