Operating System - HP-UX
1839259 Members
2540 Online
110137 Solutions
New Discussion

Re: network configuration on hp-ux system

 
SOLVED
Go to solution
kacou
Regular Advisor

network configuration on hp-ux system

from 10.2.4.76 i can 'ping' the 10.2.4.74
but from the (host) 10.2.4.74 i can not ping the 10.2.4.76. see the error message
------------------

# ping 10.2.4.76
PING 10.2.4.76: 64 byte packets

----10.2.6.76 PING Statistics----
13 packets transmitted, 0 packets received, 100% packet loss
20 REPLIES 20
Torsten.
Acclaimed Contributor

Re: network configuration on hp-ux system

Are both hp-ux servers? Check netmask and gateway. If one is a PC, check for personal firewalls.

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.

__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
kacou
Regular Advisor

Re: network configuration on hp-ux system

There are both hpux servers. But where can i find the firewall?
# uname -a
HP-UX dattst B.11.23 U 9000/800 1398130932 unlimited-user license
# model
9000/800/rp3440
Deepak Kr
Respected Contributor

Re: network configuration on hp-ux system

Hi,

Try to test connectivity using linkloop

linkloop -i <> mac-addr

also,

provide following output from both servers

#netstat -in
#netstat -r


Regds,

Deepak
"There is always some scope for improvement"
kacou
Regular Advisor

Re: network configuration on hp-ux system

Server 1 (10.2.4.76)

# netstat -in
Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll
lan0 1500 10.2.6.0 10.2.4.76 56736 0 2794 0 0
lo0 4136 127.0.0.0 127.0.0.1 3468 0 3468 0 0
# netstat -r
Routing tables
Destination Gateway Flags Refs Interface Pmtu
localhost localhost UH 0 lo0 4136
bkc bkc UH 0 lan0 4136
10.2.4.0 bkc U 2 lan0 1500
loopback localhost U 0 lo0 0
default 10.2.4.1 UG 0 lan0 0
#

Server 2 (10.2.4.74)

# netstat -in
Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll
lan0 1500 10.2.6.0 10.2.4.74 885537837 0 828483915 0 0
lo0 4136 127.0.0.0 127.0.0.1 22230349 0 22230351 0 0
# netstat -r
Routing tables
Destination Gateway Flags Refs Interface Pmtu
localhost localhost UH 0 lo0 4136
dattst dattst UH 0 lan0 4136
10.2.4.0 dattst U 2 lan0 1500
loopback localhost U 0 lo0 0
default 10.2.4.1 UG 0 lan0 0
Deepak Kr
Respected Contributor

Re: network configuration on hp-ux system

Looks like netmask is not correct.

Can you send following :

grep ^[A-Z] /etc/rc.config.d/netconf

from both servers.

Also:

lanadmin -x -s PPA

PPA you can get after running following:

lanscan

what about linkloop test
linkloop -i PPA macaddr

Regds,
Deepak
"There is always some scope for improvement"
kacou
Regular Advisor

Re: network configuration on hp-ux system

I install ''bastille B6849AA Bastille Security Hardening Tool'' om my system.
It can be the problem because i can ping all servers in my network but, these servers can not ping me. So how can i uninstall bastille?
Ivan Krastev
Honored Contributor

Re: network configuration on hp-ux system

Use swremove:

# swremove B6849AA

regards,
ivan
SUDHAKAR_18
Trusted Contributor

Re: network configuration on hp-ux system

Show /etc/rc.config.d/netconf from both the servers.

also show your ping session.
Deepak Kr
Respected Contributor

Re: network configuration on hp-ux system

great !!

Good to see that you finally found it.

So it was ping reply restriction by Bastile...


Cheers!!
Deepak
"There is always some scope for improvement"
kacou
Regular Advisor

Re: network configuration on hp-ux system

I execute the 'swremove' command but the error still persists. see the error message below

#
# swremove B6849AA

======= 08/06/08 17:46:18 WAT BEGIN swremove SESSION
(non-interactive) (jobid=bkpprod-0013)

* Session started for user "root@bkpprod".

* Beginning Selection
* Target connection succeeded for "bkpprod:/".
* Software selections:
B6849AA,r=B.02.01.02,a=HP-UX_B.11.23_32/64,v=HP
Bastille.BASTILLE,l=/,r=B.02.01.02,a=HP-UX_B.11.00_32/64,v=HP,fr=B.02.01.02,fa=HP-UX_B.11.00_32/64
* Selection succeeded.


* Beginning Analysis
* Session selections have been saved in the file
"/.sw/sessions/swremove.last".
ERROR: "bkpprod:/": The software dependencies for 1 products or
filesets cannot be resolved.
* "bkpprod:/": 1 bundles cannot be removed because not all of
their filesets can be removed.
* The analysis phase failed for "bkpprod:/".
* Analysis had errors.


NOTE: More information may be found in the agent logfile using the
command "swjob -a log bkpprod-0013 @ bkpprod:/".

======= 08/06/08 17:46:22 WAT END swremove SESSION (non-interactive)
(jobid=bkpprod-0013)

#
Torsten.
Acclaimed Contributor

Re: network configuration on hp-ux system

By uninstalling bastille you will make your system probably "weak" and vulnerable - do you really want to do this only for a ping?

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.

__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
kacou
Regular Advisor

Re: network configuration on hp-ux system

yes!! because it's not necessary for me.
help me please!!
Vijay Dsouza
Frequent Advisor

Re: network configuration on hp-ux system

Hi Kacau,
Thats right just for a ping related issue i would not advise you to remove your Security Software, Have it in place and finetune your Security software to permit and wuthenticate your network with the necessary ports and required communications.

Cheers

kacou
Regular Advisor

Re: network configuration on hp-ux system

see the netconf below!!

--------------------------------------
# cat /etc/rc.config.d/netconf

-------------------------------------

# netconf: configuration values for core networking subsystems
#
# @(#) $Revision: 1.6.119.6 $ $Date: 97/09/10 15:56:01 $
#
# HOSTNAME: Name of your system for uname -S and hostname
#
# OPERATING_SYSTEM: Name of operating system returned by uname -s
# ---- DO NOT CHANGE THIS VALUE ----
#
# LOOPBACK_ADDRESS: Loopback address
# ---- DO NOT CHANGE THIS VALUE ----
#
# IMPORTANT: for 9.x-to-10.0 transition, do not put blank lines between
# the next set of statements

HOSTNAME="bkpprod"
OPERATING_SYSTEM=HP-UX
LOOPBACK_ADDRESS=127.0.0.1

# Internet configuration parameters. See ifconfig(1m), autopush(1m)
#
# INTERFACE_NAME: Network interface name (see lanscan(1m))
#
# IP_ADDRESS: Hostname (in /etc/hosts) or IP address in decimal-dot
# notation (e.g., 192.1.2.3)
#
# SUBNET_MASK: Subnetwork mask in decimal-dot notation, if different
# from default
#
# BROADCAST_ADDRESS: Broadcast address in decimal-dot notation, if
# different from default
#
# INTERFACE_STATE: Desired interface state at boot time.
# either up or down, default is up.
#
# DHCP_ENABLE Determines whether or not DHCP client functionality
# will be enabled on the network interface (see
# auto_parms(1M), dhcpclient(1M)). DHCP clients get
# their IP address assignments from DHCP servers.
# 1 enables DHCP client functionality; 0 disables it.
#
# INTERFACE_MODULES: A list of modules to be pushed on a stream
# associated with an interface. For example,
# INTERFACE_MODULES[0]="mod1 mod2 ... modN-1 modN"
# pushes modN on top of modN-1.
#
# For each additional network interfaces, add a set of variable assignments
# like the ones below, changing the index to "[1]", "[2]" et cetera.
#
# IMPORTANT: for 9.x-to-10.0 transition, do not put blank lines between
# the next set of statements

INTERFACE_NAME[0]=lan0
IP_ADDRESS[0]=10.2.6.76
SUBNET_MASK[0]=255.255.254.0
BROADCAST_ADDRESS[0]=""
INTERFACE_STATE[0]=up
DHCP_ENABLE[0]=0
INTERFACE_MODULES[0]=""

# Internet routing configuration. See route(1m), routing(7)
#
# ROUTE_DESTINATION: Destination hostname (in /etc/hosts) or host or network
# IP address in decimal-dot notation, preceded by the word
# "host" or "net"; or simply the word "default".
#
# ROUTE_MASK: Subnetwork mask in decimal-dot notation, or C language
# hexadecimal notation. This is an optional field.
# A IP address, subnet mask pair uniquely identifies
# a subnet to be reached. If a subnet mask is not given,
# then the system will assign the longest subnet mask
# of the configured network interfaces to this route.
# If there is no matching subnet mask, then the system
# will assign the default network mask as the route's
# subnet mask.
#
# ROUTE_GATEWAY: Gateway hostname (in /etc/hosts) or IP address in
# decimal-dot notation. If local interface, must use the
# same form as used for IP_ADDRESS above (hostname or
# decimal-dot notation). If loopback interface, i.e.,
# 127.0.0.1, the ROUTE_COUNT must be set to zero.
#
# ROUTE_COUNT: An integer that indicates whether the gateway is a
# remote interface (one) or the local interface (zero)
# or loopback interface (e.g., 127.*).
#
# ROUTE_ARGS: Route command arguments and options. This variable
# may contain a combination of the following arguments:
# "-f", "-n" and "-p pmtu".
#
# For each additional route, add a set of variable assignments like the ones
# below, changing the index to "[1]", "[2]" et cetera.
#
# IMPORTANT: for 9.x-to-10.0 transition, do not put blank lines between
# the next set of statements

# ROUTE_DESTINATION[0]=default
# ROUTE_MASK[0]=""
# ROUTE_GATEWAY[0]=10.2.6.1
# ROUTE_COUNT[0]=""
# ROUTE_ARGS[0]=""

# Dynamic routing daemon configuration. See gated(1m)
#
# GATED: Set to 1 to start gated daemon.
# GATED_ARGS: Arguments to the gated daemon.

GATED=0
GATED_ARGS=""

#
# Router Discover Protocol daemon configuration. See rdpd(1m)
#
# RDPD: Set to 1 to start rdpd daemon
#

RDPD=0

#
# Reverse ARP daemon configuration. See rarpd(1m)
#
# RARP: Set to 1 to start rarpd daemon
#

RARP=0

#
# Network interface configuration. See ifconfig(1m)
#
# DEFAULT_INTERFACE_MODULES contains a default list of modules to be
# pushed on a stream associated with an interface. For example,
# INTERFACE_MODULES[0]="mod1 mod2 ... modN-1 modN" pushes modN on top
# of modN-1.
#
# Precedence rules:
# 1) The module names specified in INTERFACE_MODULES[] for the specified
# interface overrides the modules in DEFAULT_INTERFACE_MODULES. For
# example, INTERFACE_MODULES[0]="foo" and
# DEFAULT_INTERFACE_MODULES="m1 m2", then the module list applied
# will be "foo".
#
# 2) If INTERFACE_MODULES[] is set to null string, then the module
# names specified in DEFAULT_INTERFACE_MODULES will be used for the
# specified interface. For example, INTERFACE_MODULES[0]="" ( or
# INTERFACE_MODULES[0]= ) and DEFAULT_INTERFACE_MODULES="m1 m2",
# then the applied module list will be "m1,m2".
#
# 3) If INTERFACE_MODULES[] is explicitly set to "NONE", then no module
# list will be applied for the specified interface. For example, if
# INTERFACE_MODULES[0]="NONE" and DEFAULT_INTERFACE_MODULES="m1 m2",
# then there will be no -m option applied to the interface.
# Restriction: The module name can't be "NONE", and "NONE" is not
# case sensitive.

DEFAULT_INTERFACE_MODULES=""
ROUTE_DESTINATION[0]=default
ROUTE_GATEWAY[0]=10.2.6.1
ROUTE_COUNT[0]=1

Torsten.
Acclaimed Contributor
Solution

Re: network configuration on hp-ux system

Run bastille and allow ICMP requests (ping) - this would be the better option.

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.

__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
kacou
Regular Advisor

Re: network configuration on hp-ux system

show me the way please!!!
how please?
Torsten.
Acclaimed Contributor

Re: network configuration on hp-ux system

This may help you:

http://docs.hp.com/en/T2786-90157/ch02s08.html?jumpid=reg_R1002_USEN

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.

__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
Deepak Kr
Respected Contributor

Re: network configuration on hp-ux system

Yes, it is not advisable to remove security layer for this issue.

You can fix this even when bastile is in installed state and securing your box.

run following:
#bastile -r

or

you can directly update configuration by vi'ing the /etc/opt/sec_mgmt/bastille/config file then run bastille -b to roll the changes in.

Try either way, it should work for you.


Regds,
Deepak
"There is always some scope for improvement"
kacou
Regular Advisor

Re: network configuration on hp-ux system

the problem is solved. Thanks a lot !!!!!!!!!!

i use ''bastille -r''

Torsten.
Acclaimed Contributor

Re: network configuration on hp-ux system

So don't get lazy and keep on assigning points!

Have fun!

;-)

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.

__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!