HPE Community
Operating System - HP-UX
1834465 Members
3033 Online
110067 Solutions
New Discussion

Re: No network access on icmp blocked router

 
SOLVED
Go to solution
Paul Johnsen
Occasional Advisor

‎02-05-2004 05:07 AM

‎02-05-2004 05:07 AM

No network access on icmp blocked router

I have an HP J5000 system running HP-UX 11i. It has been running on our network for several years with no problems. Recently our network control gods blocked icmp on the router that our portion of our lan is connected to. We have three subnets on my side of the router. When icmp was blocked on the router, all of our HP-UX boxes could no longer access anything other than the subnet we belong to. The DNS servers, which are on the other side of the router, do not reply, and machines on other subnets can not see the HPs. The Windows boxes on our net have no problems.

What service is using icmp that can cause the HP boxes to be blocked? Is there some way to correct this on the HPs, or are we going to have to fight to get icmp turned back on on the router?

This has been an ongoing struggle for 2 months now, and I have a number of people who can't get theri work done because of no acces to the HPs. Machines on the same subnet as the HPs can see them just fine.
0 Kudos
Reply
2 REPLIES 2
Steven E. Protter
Exalted Contributor

‎02-05-2004 05:23 AM

‎02-05-2004 05:23 AM

Solution

Re: No network access on icmp blocked router

HP-UX 11 and 11.11 both are configured out of the box to require icmp access to maintain normal network functions.

Here is how to change that with the ndd command.

These threads contain detail and a fix.

http://search.hp.com/redirect.html?url=http%3A//forums1.itrc.hp.com/service/forums/questionanswer.do%3FthreadId%3D104050&qt=ndd+%2Bicmp+%2Bping&hit=1
http://search.hp.com/redirect.html?url=http%3A//forums1.itrc.hp.com/service/forums/questionanswer.do%3FthreadId%3D98068&qt=ndd+%2Bicmp+%2Bping&hit=2
http://search.hp.com/redirect.html?url=http%3A//forums1.itrc.hp.com/service/forums/questionanswer.do%3FthreadId%3D86453&qt=ndd+%2Bicmp+%2Bping&hit=5

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Jeff Schussele
Honored Contributor

‎02-05-2004 05:48 AM

‎02-05-2004 05:48 AM

Re: No network access on icmp blocked router

Hi,

You need to turn off the HP's dead gateway probe - it uses icmp to check for down routers & IF they stop responding to it, they're removed from the routing table.

In /etc/rc.config.d/nddconf add the following lines

TRANSPORT_NAME[X]=ip
NDD_NAME[X]=ip_ire_gw_probe
NDD_VALUE[X]=0

Where X = a *unique* index value

Then add the route back with route add commands & it should remain. Or just restart the net daemons or even reboot if desired.

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.