HPE Community
Operating System - HP-UX
1826421 Members
3220 Online
109692 Solutions
New Discussion

Re: Problems between NAT and HP-UX Server

 
SOLVED
Go to solution
Federico Fricke
Occasional Advisor

‎11-20-2007 02:47 AM

‎11-20-2007 02:47 AM

Problems between NAT and HP-UX Server

Hi,
I being having the strangest problems between a HP-UX server and my firewall (NAT).
I have four servers that work ok (Solaris, Windows, AIX) but I am having trouble with the HP UX Server.

I don't have anything special in the server. It responds ok in my local network but from internet it does't work.

My configuration is the following:
IP: 10.0.0.12
Netmask: 255.255.255.0
Gateway: 10.0.0.10

Routing tables are the default ones!
I have try to assig othe IP address to the server (10.0.0.13) of an AIX server that works and I still get no response.

Do any one has any idea???

Also I have ipfilter with pass in all enabled.
(NAT is a Watchguard Firebox)
0 Kudos
Reply
10 REPLIES 10
Todd McDaniel_1
Honored Contributor

‎11-20-2007 03:00 AM

‎11-20-2007 03:00 AM

Re: Problems between NAT and HP-UX Server

Start by pinging your gateway for the HP host and then the firewall.

Also, post the output of ifconfig lan0, where lan0 is your primary lan on the HPUX box.
Unix, the other white meat.
0 Kudos
Reply
Murat SULUHAN
Honored Contributor

‎11-20-2007 03:02 AM

‎11-20-2007 03:02 AM

Re: Problems between NAT and HP-UX Server

Hi

Try to enter following command line and try again from Internet

ndd -set /dev/ip ip_ire_gw_probe 0

Best Regards
Murat
Murat Suluhan
0 Kudos
Reply
Federico Fricke
Occasional Advisor

‎11-20-2007 03:27 AM

‎11-20-2007 03:27 AM

Re: Problems between NAT and HP-UX Server

My ifconfig is the following

# ./ifconfig lan0
lan0: flags=1843
inet 10.0.0.13 netmask ffffff00 broadcast 10.0.0.255

I also trying the ndd command and it doesn't work.
Any other idea???
0 Kudos
Reply
Federico Fricke
Occasional Advisor

‎11-20-2007 03:31 AM

‎11-20-2007 03:31 AM

Re: Problems between NAT and HP-UX Server

Note that my current IP address is 10.0.0.13

This is because I am using an IP that I am sure that works ok with the NAT.

P.D. External IP Address is 200.76.163.204
0 Kudos
Reply
Federico Fricke
Occasional Advisor

‎11-20-2007 03:42 AM

‎11-20-2007 03:42 AM

Re: Problems between NAT and HP-UX Server

My
# ndd -get /dev/ip ip_ire_status
IRE rfq stq addr mask src
gateway mxfrg rtt ref type flag
0000000042e9f388 0000000042e94440 0000000000000000 010.000.000.000 ffffffff 010.
000.000.013 000.000.000.000 04136 00000 000 IRE_BROADCAST CKO
0000000042e9f148 0000000042e94440 0000000042e945c0 010.000.000.000 ffffffff 010.
000.000.013 000.000.000.000 01500 00000 005 IRE_BROADCAST CKO
0000000042e9e808 0000000042e94440 0000000000000000 000.000.000.000 ffffffff 010.
000.000.013 000.000.000.000 04136 00000 000 IRE_BROADCAST CKO
0000000042e9e148 0000000042e94440 0000000042e945c0 000.000.000.000 ffffffff 010.
000.000.013 000.000.000.000 01500 00000 005 IRE_BROADCAST CKO
00000000403dfa48 0000000000000000 0000000000000000 127.000.000.001 ffffffff 127.
000.000.001 000.000.000.000 04136 00066 000 IRE_LOOPBACK
00000000487145c8 0000000042e94440 0000000042e945c0 010.000.000.010 ffffffff 010.
000.000.013 000.000.000.000 01500 00000 001 IRE_ROUTE CKO
0000000042e9fc88 0000000042e94440 0000000000000000 010.000.000.013 ffffffff 010.
000.000.013 000.000.000.000 04136 00000 000 IRE_LOCAL
0000000042e9e5c8 0000000042e94440 0000000000000000 010.000.000.255 ffffffff 010.
000.000.013 000.000.000.000 04136 00000 000 IRE_BROADCAST CKO
00000000403dfec8 0000000042e94440 0000000042e945c0 010.000.000.255 ffffffff 010.
000.000.013 000.000.000.000 01500 00000 005 IRE_BROADCAST CKO
0000000042e9eec8 0000000042e94440 0000000000000000 010.255.255.255 ffffffff 010.
000.000.013 000.000.000.000 04136 00000 000 IRE_BROADCAST CKO
0000000042e9ea48 0000000042e94440 0000000042e945c0 010.255.255.255 ffffffff 010.
000.000.013 000.000.000.000 01500 00000 005 IRE_BROADCAST CKO
00000000433f4808 0000000042e94440 0000000000000000 255.255.255.255 ffffffff 010.
000.000.013 000.000.000.000 04136 00000 000 IRE_BROADCAST CKO
0000000042eb4c88 0000000042e94440 0000000042e945c0 255.255.255.255 ffffffff 010.
000.000.013 000.000.000.000 01500 00000 005 IRE_BROADCAST CKO
0000000042eb4808 0000000000000000 0000000042e94440 010.000.000.000 ffffff00 010.
000.000.013 000.000.000.000 01500 00000 002 IRE_RESOLVER CKO
00000000403df808 0000000000000000 0000000000000000 127.000.000.000 ff000000 127.
000.000.001 127.000.000.001 00000 00000 000 IRE_NET
0000000042eb4388 0000000000000000 0000000000000000 000.000.000.000 00000000 010.
000.000.013 010.000.000.010 00000 00000 000 IRE_GATEWAY DEAD

it seems that something is wrong with the gateway???
0 Kudos
Reply
Federico Fricke
Occasional Advisor

‎11-20-2007 03:45 AM

‎11-20-2007 03:45 AM

Re: Problems between NAT and HP-UX Server

The Gateway probe is set to 0
# ndd -get /dev/ip ip_ire_gw_probe
0

0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎11-20-2007 04:40 AM

‎11-20-2007 04:40 AM

Re: Problems between NAT and HP-UX Server

I suspect that your default gateway does not have the count set to 1 but is rather set to 0.
If it ain't broke, I can fix that.
0 Kudos
Reply
Federico Fricke
Occasional Advisor

‎11-20-2007 05:59 AM

‎11-20-2007 05:59 AM

Re: Problems between NAT and HP-UX Server

Hi Clay
Thanks for the reply

I suspect I have it set to 1

ROUTE_DESTINATION[0]=default
ROUTE_MASK[0]=""
ROUTE_GATEWAY[0]=10.0.0.10
ROUTE_COUNT[0]=1
ROUTE_ARGS[0]=""

This is the portion of my /etc/rc.config.d/netconf

0 Kudos
Reply
Bill Hassell
Honored Contributor

‎11-20-2007 01:21 PM

‎11-20-2007 01:21 PM

Solution

Re: Problems between NAT and HP-UX Server

This is the key:

IRE_GATEWAY DEAD

The default behavior for gateway operation is to ping it every few minutes to see if it is working. However, this is a poor design as many network managers turn off ICMP (ping) responses for security. You can verify this by pinging the default gateway. HP-UX network code failed a ping to the gateway and disabled it. So the gateway is now unusable by HP-UX networking.

So if you reboot, your system will work just fine for a few minutes. So you need to permanently turn off dead gateway detection. In /etc/rc.config.d/ndd.conf and add this entry:

TRANSPRT_NAME[0]=ip
NDD_NAME[0]=ip_ire_gw_probe
NDD_VALUE[0]=0

Note: if some other setting occupies [0], use the next free number such as [1].

Now change the dead gateway detection to off:

ndd -set /dev/ip ip_ire_gw_probe 0

Then to re-enable the default, just use the route command to revive the route:

route add default 10.0.0.10 1

and your connection to the outside world should return. As always, test with a ping to a well-known IP address such as 208.67.222.222 (which is OpenDNS). If that works, then check DNS with a ping to www.hp.com


Bill Hassell, sysadmin
Reply
Federico Fricke
Occasional Advisor

‎11-21-2007 02:03 AM

‎11-21-2007 02:03 AM

Re: Problems between NAT and HP-UX Server

Thanks Bill! :D

I supposed something was wrong with the gateway but I didn't know how to fix it. :(

I enabled the ICMP (ping) on the gateway and the server worked ok.

I turned off the ICMP (ping) on the gateway and change the parameters that you gave me and its working great!

Thanks!
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.