HPE Community
Operating System - HP-UX
1847245 Members
2591 Online
110263 Solutions
New Discussion

Making sure routers and firewalls see the package IP, not the nodename IP

 
JOHN FONTANILLA
Occasional Contributor

‎02-15-2002 08:11 PM

‎02-15-2002 08:11 PM

Making sure routers and firewalls see the package IP, not the nodename IP

Hi,

We're logged in a HP-UX v11i machine with MCSG running. When we telnet or ping a router from this box, the routers sees the ping coming from stationary hostname IP instead of the floating IP.

Because of security, our firewalls and routers
only allow the floating IP.

How do I force the router to see the floating IP instead?

Should I just run the command below on the
machine which currently runs the package?

route add [router ip] [floating ip]

Thanks!

JohnF
0 Kudos
Reply
5 REPLIES 5
Sanjay_6
Honored Contributor

‎02-15-2002 09:03 PM

‎02-15-2002 09:03 PM

Re: Making sure routers and firewalls see the package IP, not the nodename IP

Hi John

You should allow the firewall to allow the system ip to pass through. Since the system ip is the contant and the package ip is virtual. hostname is going to return the server name of the system on which the package is running and this hostname resolves to the ip address of the system and not the package.

Hope this helps.

Regds
0 Kudos
Reply
melvyn burnard
Honored Contributor

‎02-18-2002 12:36 AM

‎02-18-2002 12:36 AM

Re: Making sure routers and firewalls see the package IP, not the nodename IP

The system will always report the fixed or stationary IP Address. The only way you get the relocatable ip address to be shown as the source is if you have a software package that is compiled or configured to bind() to the relocatable address. Tjis would not be visible to the router/firewall, so you will have to change the router/firewall configuration to allow the fixed or stationary ip address as well.
My house is the bank's, my money the wife's, But my opinions belong to me, not HP!
0 Kudos
Reply
Mark van Hassel
Respected Contributor

‎02-18-2002 03:52 AM

‎02-18-2002 03:52 AM

Re: Making sure routers and firewalls see the package IP, not the nodename IP

Hi,

Try the following as you suggested:

route add host [router ip] [virtual ip]

You can configure this in the package startup script and add a 'route delete' as well offcourse.
The surest sign that life exists elsewhere in the universe is that none of it has tried to contact us
0 Kudos
Reply
JOHN FONTANILLA
Occasional Contributor

‎02-21-2002 01:43 PM

‎02-21-2002 01:43 PM

Re: Making sure routers and firewalls see the package IP, not the nodename IP

The company's decided to let both
hostname IP addresses through the
firewall and router.
0 Kudos
Reply
Jeff Schussele
Honored Contributor

‎02-26-2002 02:46 PM

‎02-26-2002 02:46 PM

Re: Making sure routers and firewalls see the package IP, not the nodename IP

As it should be.

Also we ALWAYS added our virtuals to DNS - so that users could ping the virtuals to determine whether or not the pkg was up.

Saved us a lot of "IS THE PKG UP!!!" calls.

Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.