HPE Community
Operating System - HP-UX
1833772 Members
2009 Online
110063 Solutions
New Discussion

Re: PPP and IP-masquerading on HP-UX

 
Jussi Salin
New Member

‎05-07-2002 04:53 AM

‎05-07-2002 04:53 AM

PPP and IP-masquerading on HP-UX

Greetings! \o_

I'd like to share an PPP-based internet connection (GPRS-phone) on my home HP 9000/712 to other machines on the ethernet. The workstation has two interfaces, lan0 and lan1. It would be cool to share the connection to both of them.

However, I didn't find needed information with google nor from the network documentation of HP-UX B.11.0, so I would appreciate any advices you can share! :)

P.S. I did similair 'routing' with linux once, it was called IP-masquerading. I think it may be called the same in HP-UX world, or NAT (Network Address Translation) in general.

- Jussi Salin
0 Kudos
Reply
8 REPLIES 8
sven verhaegen
Respected Contributor

‎05-07-2002 05:50 AM

‎05-07-2002 05:50 AM

Re: PPP and IP-masquerading on HP-UX

if you mean to use the virtual IP as an access point to the network and want it to to take a determined address different from the one if physicalle has for the accessing devices then this could be defined as NAT as you said , HP-UX doesn't have the feature installed standard , best is to install some kind of firewall software to do the NAT for you.. do you need more info then please let me know exactly what you are setting up
...knowing one ignores a greath many things is the first step to wisdom...
0 Kudos
Reply
Jussi Salin
New Member

‎05-07-2002 10:55 AM

‎05-07-2002 10:55 AM

Re: PPP and IP-masquerading on HP-UX

This is what I mean:

internet <--ppp--> hp 712 <--lan0--> ethernet

The PPP connection has an A-class IP (10.x.x.x), which is masqueraded to the internet on ISP's side. I'd like to set up a masquerading also between the PPP-link and ethernet (it has C-class, 192.168.1.x addresses). I have done this in Linux, but i'd really like to do it under HP-UX also. The basic idea is, that I can do outgoing connections from the ethernet to the Internet. Incoming connections (port forwarding) is not required, as they are already blocked from the ISP's side.

I talked about GPRS, which stands for General Packet Radio Service. Works with a cellular phone, but with fixed prices (connection could be open 24h/d in theory). On the computer's side it looks 100% like it would be a standard modem on phone line, with dial-up connection to local ISP. So i don't expect problems with setting up PPP itself, but i'm completly lost when it comes to masquerading the connection to LAN.

BTW, thanks for your reply! :)
0 Kudos
Reply
David Burgess
Esteemed Contributor

‎05-07-2002 12:28 PM

‎05-07-2002 12:28 PM

Re: PPP and IP-masquerading on HP-UX

Hi,

I've got my C160 connected to the internet. I use squid proxy http://www.squid-cache.org/
to proxy connections from my other machines.
It works well and is easy to setup. Theres a quick start readme which will get you up and running in about 5 minutes. You can bolt it down after.

HTH

Dave.
0 Kudos
Reply
Jussi Salin
New Member

‎05-08-2002 01:07 AM

‎05-08-2002 01:07 AM

Re: PPP and IP-masquerading on HP-UX

Hmm, perhaps a proxy would be sufficient, thanks for the tip!

However, what I originally want is doing the routing on IP-level instead of HTTP etc. level, to allow almost every protocol to be used without different proxy service for each one. It worked on Linux like this, on http's case for example:

Client on LAN sends an HTTP-request to a server on the Internet, via a gateway (linux box with IP-masquerading set up). Server sees that the packet comes in fact from the linux box, so the answer goes back it (instead of the Client which sent the request). Then the linux box changes to-address of incoming reply to the address of a client, forwarding the packet to it. and so on...

By doing this, you can use almost any protocol from machines on the LAN (FTP, IRC, HTTP, NEWS, POP3, IMAP, SMTP, ICMP, DNS, xpilot, realvideo, ...), even when the ISP provides just one (1) IP-address for the gateway machine (the one with PPP-link and LAN connections, hopefully my HP 9000/712 some day;).
0 Kudos
Reply
Marc Dijkstra
Trusted Contributor

‎05-08-2002 02:26 AM

‎05-08-2002 02:26 AM

Re: PPP and IP-masquerading on HP-UX

Hi there

There is a product that will do the MASQ and NAT -- check out IPCHAINS - I use it to hide pvt addresses without a *real* firewall.

http://netfilter.samba.org/ipchains/

http://www.niemueller.de/webmin/modules/ipchains/

http://devresource.hp.com/STKL/man/RH6.1/ipfw_4.html

http://www.linuxdoc.org/cgi-bin/ldpsrch.cgi

MND
"A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila"
0 Kudos
Reply
Jussi Salin
New Member

‎05-08-2002 02:40 AM

‎05-08-2002 02:40 AM

Re: PPP and IP-masquerading on HP-UX

TNX Marc, but I'd like to do that on HP-UX, not in Linux. It was just an example, because I have done that thing only in Linux before.
0 Kudos
Reply
Marc Dijkstra
Trusted Contributor

‎05-08-2002 02:59 AM

‎05-08-2002 02:59 AM

Re: PPP and IP-masquerading on HP-UX

Hi,

I was informed that ipchains is available for HP-UX -- may be smoke in the wind though ;-)

Check out the porting and archives -- loads of stuff there, never know, might be something there? http://hpux.connect.org.uk

Apologies!

MND
"A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila"
0 Kudos
Reply
Marc Dijkstra
Trusted Contributor

‎05-08-2002 03:24 AM

‎05-08-2002 03:24 AM

Re: PPP and IP-masquerading on HP-UX

One more thing.....

Check out the thread: http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0xede235067c18d6118ff40090279cd0f9,00.html

Particularly:
"-> Using IPFilter : starting from HP-UX 11.x, IPFilter aims to implement packet filtering on HP-UX, just as ipchains does on Linux.
I have not yet tried it, but I guess you can have rules that help you detect the service or connection port, and do selective allow or deny based on the IP address, etc... "

(Thanks to Kodjo!)

Haven't tried IPfilter/9000 myself...

HTH

MND
"A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila"
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.