Network Security on hpux 11.0 with Dual IP address

 
SOLVED
Daniel Cardani
Frequent Advisor

Network Security on hpux 11.0 with Dual IP address

I have an HPUX 11.0 server running VPO with two IP addresses. The issue is that the 1st IP is on my Corp network of 10.27.x.x (255.255.255.0) and the 2nd IP is on a private network that is also on the 10.x.x.x (255.255.255.0) subnet. Because the private network was assigned the 10 subnet instead of a 192.x.x.x un-routable network, I will run into duplicate IP addresses if I am not careful. I only need to have the 2nd IP address receive SNMP traps and ping the private address, while the 1st IP address is used for access and administration. I do not have any other access points to the private network. Is there a way, or documentation on how, to secure the system so that the 2 IPs do not cause IP conflicts in the network?

daniel
5 REPLIES
harry d brown jr
Honored Contributor
Solution

Re: Network Security on hpux 11.0 with Dual IP address


Who owns the "private" network with the 10.x.x.x ??? It's not "RIGHT" to serve this up to other non-owner users.

Sub-net masks of 255.255.255.0 indicate that both networks are class C's.

So, unless the private network is a 10.27.X.Y network, you won't have duplicate IPs.

live free or die
harry
Live Free or Die
harry d brown jr
Honored Contributor

Re: Network Security on hpux 11.0 with Dual IP address

Daniel,

Here's a good doc on routing; although Solaris based, the concepts are still the same:


http://www.ebsinc.com/solaris/routing.html

live free or die
harry
Live Free or Die
Sridhar Bhaskarla
Honored Contributor

Re: Network Security on hpux 11.0 with Dual IP address

Hi Daniel,

Obviously, on the second (private) interface on your VPO server, you cannot configure the same subnet as that of the primary interface. Since you are not enabling routing on the HP server, systems in one subnet cannot see the systems in the other subnet. So, you must be safe.

Now, configure the seed file in your NNM not to discover any nodes through the private interface of your VPO server. So, your VPO maps will not be messed up.

Configure the SNMP agent on all the private nodes and set SNMPTRAPDEST to the private IP address on the VPO server so that you will receive SNMP traps.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Daniel Cardani
Frequent Advisor

Re: Network Security on hpux 11.0 with Dual IP address

Harry,
My company owns both networks. But the private network was a platform that my company bought about 6 months to a year ago. The IP address for the corp. network will be 10.27.110.253 and the private is 10.0.0.11. The 10.0.0.11 IP address is already being used in my corp. network, and so are many other IPs that were assigned in the private network. If I do not allow DNS lookups I am fine and it does not see the 10.0.0.11 already being used. My fear is that I will have all these private 10 networks loaded in my hosts and it will cause some type of conflict on the corp. side.


Sridhar,

How can I turn discovery off during installation of VPO, and how and what is the seed file? The one thing I would like to do is turn discovery on to the private and not the corp., because there are over 400 nodes in the private network that I have to manage and no one I have asked has all the IP addresses and node names in a file. But since the private network does not have a default gateway, VPO will not be able to discover the private nodes.

How do I set the SNMPTRAPDEST? Do I do this as a whole or on each individual node once it has been added?

Thanks for your help.

daniel
rick jones
Honored Contributor

Re: Network Security on hpux 11.0 with Dual IP address

By default, an HP-UX 11 system with two interfaces configured will route IP datagrams if asked. There is nothing else to enable. If you wish to make sure that the system will not route IP datagrams if asked (i.e. some client configures it as his router), you need to use ndd to set ip_forwarding to zero (and place that in the /etc/rc.config.d/nddconf file).
there is no rest for the wicked yet the virtuous have no pillows
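
The persistence step in the last reply can be checked with a small audit script. This is an added example, not code from any poster in the thread: it parses an nddconf-style file (indexed `TRANSPORT_NAME[n]`, `NDD_NAME[n]`, `NDD_VALUE[n]` entries) and reports whether `ip_forwarding` is pinned to 0. The function names `nddconf_value` and `forwarding_disabled` are hypothetical, and the sample file is constructed so the check runs on any POSIX shell without touching a real host.

```shell
# Added example: audit an nddconf-style file for a persistent ip_forwarding=0.
# nddconf_value FILE TRANSPORT NAME: print the NDD_VALUE[n] that shares its
# index with the given TRANSPORT_NAME[n] and NDD_NAME[n]; status 1 if absent.
nddconf_value() {
    awk -v want_t="$2" -v want_n="$3" '
        /^[ \t]*#/ { next }                          # skip comment lines
        /^[ \t]*(TRANSPORT_NAME|NDD_NAME|NDD_VALUE)\[[0-9]+\]=/ {
            line = $0; sub(/^[ \t]+/, "", line)
            lb = index(line, "["); rb = index(line, "]")
            key = substr(line, 1, lb - 1)
            idx = substr(line, lb + 1, rb - lb - 1) + 0
            val = substr(line, index(line, "=") + 1)
            gsub(/[" \t]/, "", val)                  # drop quotes and blanks
            field[key, idx] = val
            if (idx > max) max = idx
        }
        END {
            for (i = 0; i <= max; i++)               # highest matching index wins
                if (field["TRANSPORT_NAME", i] == want_t &&
                    field["NDD_NAME", i] == want_n) { out = field["NDD_VALUE", i]; found = 1 }
            if (!found) exit 1
            print out
        }
    ' "$1"
}

# forwarding_disabled FILE: true only when ip_forwarding is pinned to 0.
forwarding_disabled() {
    v=$(nddconf_value "$1" ip ip_forwarding) || return 1
    [ "$v" = "0" ]
}

# Constructed sample in the nddconf entry format (not taken from a real host).
SAMPLE="${TMPDIR:-/tmp}/nddconf.sample.$$"
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# constructed sample entries
TRANSPORT_NAME[0]=ip
NDD_NAME[0]=ip_forwarding
NDD_VALUE[0]=0
EOF

if forwarding_disabled "$SAMPLE"; then
    echo "ip_forwarding=0 is set persistently"
else
    echo "ip_forwarding is not pinned to 0 in this file"
fi
```

On the server itself, point `forwarding_disabled` at /etc/rc.config.d/nddconf and compare with the running value from `ndd -get /dev/ip ip_forwarding`; a file entry only takes effect at boot, so the live value is changed separately with `ndd -set /dev/ip ip_forwarding 0`.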