HPE Community
Operating System - HP-UX
1832616 Members
3485 Online
110043 Solutions
New Discussion

HP-UX 11.0 Box in DMZ problems with NAT?

 
Geoff Sanders_1
New Member

‎07-06-2001 09:05 AM

‎07-06-2001 09:05 AM

HP-UX 11.0 Box in DMZ problems with NAT?

I have the hp-ux box in a DMZ with a NAT'd address. Whenever I add a default route to the outside, services still work to the inside, but are painfully slow. I haven't entered anything on the box to let it know it has an equivelant outside address. Whenever I add a route that includes an address in the outside subnet that it is in, the same slowness happens. When doing a netstat -r after a default gateway entry, results post very slowly.
0 Kudos
Reply
6 REPLIES 6
Aaron Caine
Advisor

‎07-06-2001 09:24 AM

‎07-06-2001 09:24 AM

Re: HP-UX 11.0 Box in DMZ problems with NAT?

This may be a little off base, but it was for me as well the first time someone told me that this could be the solution to this type of problem.

It may be that your network port speed (10/100 Half/Full Duplex) is off. The behaivor you are describing is *exactly* what happened to me when I had half duplex set instead of full.

You can play with these settings (using extreme caution, of course) by:

As root, lanscan will tell you the CrdIN# (HPUX11.00) of your hardware (mine is 0).

Now, lanadmin -x (the number from above)
lanadmin -x 0

You should see:

Current speed = 10 Half-Duplex Auto-Negotiation-ON (something like this)

You can force the port to a certain speed by:

lanadmin -X 100FD (100Mbps, full duplex)
lanadmin -X 100HD (100Mbps, half duplex)
lanadmin -X 10FD (... etc)
lanadmin -X 10HD

This fixed a similar problem for me, but be careful, this can make things worse if you try to do something your hardware can't.

I hope this helps...
0 Kudos
Reply
Geoff Sanders_1
New Member

‎07-06-2001 09:43 AM

‎07-06-2001 09:43 AM

Re: HP-UX 11.0 Box in DMZ problems with NAT?

Aaron,
Thanks for the help, but that wasn't the problem. If I remove the default route to the external side, the problems go away and telnet, ftp etc. are very fast. I checked the duplex and it was correct at 100FD on both ends. Also, trying ftp, telnet from a machine in the DMZ along with the hp-ux machine shows the same slowness after adding the outside route. Thanks for trying.
0 Kudos
Reply
John Bolene
Honored Contributor

‎07-06-2001 10:23 AM

‎07-06-2001 10:23 AM

Re: HP-UX 11.0 Box in DMZ problems with NAT?

It could be a DNS issue.

Is DNS pointing to the Internet or just internal IP's?

You may need to add the external addresses to the internal DNS or the internal adresses to the hosts file. It is probably looking for either name to IP or IP to name.

On my setup which uses an outside Internet DNS server, I had to add all the internal addresses to the hosts file and set /etc/nsswitch.conf to look at files first, then it looks at internet addresses from the DNS server.
It is always a good day when you are launching rockets! http://tripolioklahoma.org, Mostly Missiles http://mostlymissiles.com
0 Kudos
Reply
Geoff Sanders_1
New Member

‎07-09-2001 06:46 AM

‎07-09-2001 06:46 AM

Re: HP-UX 11.0 Box in DMZ problems with NAT?

John,
the DNS entry is for an external DNS server that is on the same subnet as the external NAT'd address of the hp-ux machine. There is an entry in the DNS server for the NAT'd address. In the hosts file there is an entry for it's internal 192.168. DMZ address. A cisco Pix with aliases enables inside machines to see the dns name as an internal 192.168 address. The external addresses are 198.189 . Whenever I add a route that includes the 198.189 subnet, that's when I get the problems.

Thanks
0 Kudos
Reply
John Bolene
Honored Contributor

‎07-09-2001 07:30 AM

‎07-09-2001 07:30 AM

Re: HP-UX 11.0 Box in DMZ problems with NAT?

OK, now I am puzzled.
Why would you want a default route to the outside?

This means that all responses are directed back to the default route (on the internet) even for responses internally. The outside machine then has to direct them back to the internal machine.

I have a Linksys firewall/router that provides my NAT and I have it as the default gateway.
It decides whether the address is internal or external.

Sign me puzzled and curious.
It is always a good day when you are launching rockets! http://tripolioklahoma.org, Mostly Missiles http://mostlymissiles.com
0 Kudos
Reply
Geoff Sanders_1
New Member

‎07-09-2001 07:35 AM

‎07-09-2001 07:35 AM

Re: HP-UX 11.0 Box in DMZ problems with NAT?

The Firewall has 3 interfaces, Inside , Outside, DMZ. I'm trying to add the default route to the DMZ interface of the Firewall. I can enter a route to the inside through the Firewall DMZ interface, but when I add the default to it is when I get the slow response all around.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.