HPE Community
Operating System - HP-UX
1833845 Members
2049 Online
110063 Solutions
New Discussion

Outgoing IP packets routing

 
Enrico Venturi
Super Advisor

‎10-01-2004 12:30 AM

‎10-01-2004 12:30 AM

Outgoing IP packets routing

Hello colleagues,
I've a machine equipped with two LAN cards, configured on different IP subnetworks; even if the subnetworks are logically different, they are mixed through some devices (i.e. there's a hub where the two IP networks are connected to);
when the lan0 is unplugged I want that the outgoing IP packets are "blocked", instead they are sent through the lan1 (different subnetwork); we don't use default gateways; how can I force to route the outgoing packets ONLY on the LAN card belonging to the proper subnetwork?

BTW: this problem makes Kerberos fail when the lan0 (first one declared in the /etc/hosts) is unplugged but the lan1 is connected.

Thaks
Enrico
0 Kudos
Reply
7 REPLIES 7
Muthukumar_5
Honored Contributor

‎10-01-2004 01:20 AM

‎10-01-2004 01:20 AM

Re: Outgoing IP packets routing

We can control with route table entries there.

By deafult it will be routing every network entries using default entries. Can you post your routing and lan configurations as,

#netstat -rn
#netstat -in

#grep -v '^#' /etc/rc.config.d/netconf

we can modify routing informations so that we can send packets based on it via networks.

Example:

destination gateway



like that we can manage. You have removed default so that we can block any other packets transmission other than defined on routing can be blocked / not routed there.

May be because of hostname resolvation / ip-address resolvation , "Kerberos fail when the lan0 (first one declared in the /etc/hosts) is unplugged but the lan1 is connected" there.

check as nslookup hostname / ip-address

You have to use lan1 if you disconnect lan0 from the same network machine there.
Easy to suggest when don't know about the problem!
0 Kudos
Reply
Prashant Zanwar_4
Respected Contributor

‎10-01-2004 01:32 AM

‎10-01-2004 01:32 AM

Re: Outgoing IP packets routing

What I understand from your question is You want to direct IP traffic to the card which is connected at the time.

In my view: This is possible as:

- Make your second NIC a standby one, when you disconnect the primary/main NIC, make the standby NIC to take over..there would be some sofware available for it.

- If you want to use both NIC's at a time and when one fails, other should take care of IP traffic of other. This is possible using IP Alissing. You have to put an alias in the DNS..(check for it)..
Or at application level you have to manage it by saying that "IP1:NIC1|IP2:NIC2" shall take care of your IP traffic.
For incoming traffic for your server, still it is difficult unless the applications are just internal..then you can change peers and client too in similar too. In theory it might be easy, but at application level you will have to do lot of things.
Try aliasing at DNS level, that would be best.

Thanks
Prashant
"Intellect distinguishes between the possible and the impossible; reason distinguishes between the sensible and the senseless. Even the possible can be senseless."
0 Kudos
Reply
Enrico Venturi
Super Advisor

‎10-01-2004 01:34 AM

‎10-01-2004 01:34 AM

Re: Outgoing IP packets routing

No,
I want to direct subnetwork1 traffic to lan1
and subnetwork2 traffic to lan2.
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

‎10-01-2004 01:41 AM

‎10-01-2004 01:41 AM

Re: Outgoing IP packets routing

Hi Enrico,

If lan0 is unplugged, then the default behaviour is *not* to route all the packets through lan1 if they are on different subnets. In your 'netstat -rn' output you can see two routes with the flag "U" flag indicating that network is directly routed through the local interface. That route is determined automatically based on the IP address and subnetmask you configure for the interface.

Post for your 'netstat -rn'.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
Prashant Zanwar_4
Respected Contributor

‎10-01-2004 01:42 AM

‎10-01-2004 01:42 AM

Re: Outgoing IP packets routing

IC..Hmm..

You have to address this at application level than at host level.

Applications shall not talk at hostname level. There shall communicate at NIC hardware address and/or IP address only.

Otherwise create a logical name to your host and talk on that level.

IP hostname
logicalhostname

As we do in serviceguard...use a logical hostname/package name for application.
This takes care of it.
Application are bind to talk on logical hostname level this time.

Prashant
"Intellect distinguishes between the possible and the impossible; reason distinguishes between the sensible and the senseless. Even the possible can be senseless."
0 Kudos
Reply
rick jones
Honored Contributor

‎10-02-2004 03:07 PM

‎10-02-2004 03:07 PM

Re: Outgoing IP packets routing

You _may_ (I've never tried it myself) get the behaviour you want if you set ip_strong_es_model to a value of 1.
there is no rest for the wicked yet the virtuous have no pillows
0 Kudos
Reply
Mohanasundaram_1
Honored Contributor

‎10-02-2004 09:33 PM

‎10-02-2004 09:33 PM

Re: Outgoing IP packets routing

Hi Enrico,

You should look to disable IP forwarding. By default, I guess, this is enabled.

Search in this forum with that keyword for more details.

set the ndd parameter

ndd -set /dev/ip ip_forwarding 0

Edit /etc/rc.config.d/nddconf and put an entry like this

TRANSPORT_NAME=ip
NDD_NAME=ip_forwarding
NDD_VALUE=0

This will retain the ndd setting after reboots.

With regards,
Mohan.
Attitude, Not aptitude, determines your altitude
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.