HPE GreenLake Administration
- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: SD-UX and firewall
Operating System - HP-UX
1840169
Members
3082
Online
110162
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-12-2000 05:44 AM
07-12-2000 05:44 AM
I want to run SD-UX across a firewall.
A corresponding question in comp.sys.hp.hpux
led me to a Support-Document, in which
the use of RPC_RESTRICTED_PORT is stated.
(Document Id: A5875971).
Having this information I also found this
environment variable explained in 2 PDF files
at docs.hp.com.
All of these documents are for OV, I am not sure whether they also apply to the plain HP-UX 10.20 SD-UX.
My problem: It simply does not work. The 2 swagents inside and outside the firewall
start their negotiation on port 2121, but then they create new connections that are not within the restricted range.
And yes, I have also added the RPC_RESTRICTED_PORT information to /sbin/init.d/ncs and /sbin/init.d/dce as well as to /sbin/init.d/swagentd.
The services have been restarted with the corresponding /sbin/init.d/* stop and start
sequence.
Any ideas????
Many thanks in advance,
Lutz
A corresponding question in comp.sys.hp.hpux
led me to a Support-Document, in which
the use of RPC_RESTRICTED_PORT is stated.
(Document Id: A5875971).
Having this information I also found this
environment variable explained in 2 PDF files
at docs.hp.com.
All of these documents are for OV, I am not sure whether they also apply to the plain HP-UX 10.20 SD-UX.
My problem: It simply does not work. The 2 swagents inside and outside the firewall
start their negotiation on port 2121, but then they create new connections that are not within the restricted range.
And yes, I have also added the RPC_RESTRICTED_PORT information to /sbin/init.d/ncs and /sbin/init.d/dce as well as to /sbin/init.d/swagentd.
The services have been restarted with the corresponding /sbin/init.d/* stop and start
sequence.
Any ideas????
Many thanks in advance,
Lutz
Solved! Go to Solution.
2 REPLIES 2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-12-2000 06:12 AM
07-12-2000 06:12 AM
Solution
I believe your first step would be to ensure that the SD-UX is patched to the latest revision PHCO_20209.
The here are some steps to follow/check
On the CLIENT side (outside the firewall):
The client must be set up to use only TCP. Early versions of SD
(10.0, 10.01) default to UDP, while later versions default to first
try TCP, then UDP. Because of the firewall, the client should never
try UDP.
In the client's "/var/adm/sw/defaults" file, specify:
swinstall.rpc_binding_info = ncacn_ip_tcp[2121]
swcopy.rpc_binding_info = ncacn_ip_tcp[2121]
swremove.rpc_binding_info = ncacn_ip_tcp[2121]
swconfig.rpc_binding_info = ncacn_ip_tcp[2121]
swverify.rpc_binding_info = ncacn_ip_tcp[2121]
swlist.rpc_binding_info = ncacn_ip_tcp[2121]
swreg.rpc_binding_info = ncacn_ip_tcp[2121]
swacl.rpc_binding_info = ncacn_ip_tcp[2121]
swjob.rpc_binding_info = ncacn_ip_tcp[2121]
(the number in brackets is the default port used to initially
connect to the server).
On the SERVER side (inside the firewall):
Because SD uses RPC (Remote Procedure Calls), an environment variable
can be used to limit the range of ports used. This is best placed
in the script that starts swagentd, so that it doesn't affect
any other RPC programs that start.
NOTE: HP states that you should never change the files in the
/sbin/init.d directory. It is your responsibility to check the file
for changes after any SD patches are applied, as the patches may
overwrite the file.
In the file /sbin/init.d/swagentd, find the line that starts the
daemon. It will probably just contain:
/usr/sbin/swagentd
Change it so that it now contains the two lines:
export RPC_RESTRICTED_PORTS='ncacn_ip_tcp[2200-2299]'
/usr/sbin/swagentd
where the brackets contain the range of ports SD should use. Be sure
to check in /etc/services and the services(4) manual page to make
sure you're not conflicting with existing port definitions.
The number of ports specified depends on how many concurrent SD
sessions the server is expected to handle. The above example will
allow approximately 100 concurrent SD sessions. The reason it is
approximate is that another application could conceivably use a port
in the specified range, making it temporarily unavailable to SD.
HTH
The here are some steps to follow/check
On the CLIENT side (outside the firewall):
The client must be set up to use only TCP. Early versions of SD
(10.0, 10.01) default to UDP, while later versions default to first
try TCP, then UDP. Because of the firewall, the client should never
try UDP.
In the client's "/var/adm/sw/defaults" file, specify:
swinstall.rpc_binding_info = ncacn_ip_tcp[2121]
swcopy.rpc_binding_info = ncacn_ip_tcp[2121]
swremove.rpc_binding_info = ncacn_ip_tcp[2121]
swconfig.rpc_binding_info = ncacn_ip_tcp[2121]
swverify.rpc_binding_info = ncacn_ip_tcp[2121]
swlist.rpc_binding_info = ncacn_ip_tcp[2121]
swreg.rpc_binding_info = ncacn_ip_tcp[2121]
swacl.rpc_binding_info = ncacn_ip_tcp[2121]
swjob.rpc_binding_info = ncacn_ip_tcp[2121]
(the number in brackets is the default port used to initially
connect to the server).
On the SERVER side (inside the firewall):
Because SD uses RPC (Remote Procedure Calls), an environment variable
can be used to limit the range of ports used. This is best placed
in the script that starts swagentd, so that it doesn't affect
any other RPC programs that start.
NOTE: HP states that you should never change the files in the
/sbin/init.d directory. It is your responsibility to check the file
for changes after any SD patches are applied, as the patches may
overwrite the file.
In the file /sbin/init.d/swagentd, find the line that starts the
daemon. It will probably just contain:
/usr/sbin/swagentd
Change it so that it now contains the two lines:
export RPC_RESTRICTED_PORTS='ncacn_ip_tcp[2200-2299]'
/usr/sbin/swagentd
where the brackets contain the range of ports SD should use. Be sure
to check in /etc/services and the services(4) manual page to make
sure you're not conflicting with existing port definitions.
The number of ports specified depends on how many concurrent SD
sessions the server is expected to handle. The above example will
allow approximately 100 concurrent SD sessions. The reason it is
approximate is that another application could conceivably use a port
in the specified range, making it temporarily unavailable to SD.
HTH
My house is the bank's, my money the wife's, But my opinions belong to me, not HP!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-12-2000 07:10 AM
07-12-2000 07:10 AM
Re: SD-UX and firewall
Thanks,
I have now switched everything to TCP and it works as announced. PHCO_20209 is also installed now, I had the older PHCO_15*.
Just one short note for other people reading the thread: the syntax for /var/adm/sw/defaults requires an additional colon:
swinstall.rpc_binding_info = ncacn_ip_tcp:[2121]
I have now switched everything to TCP and it works as announced. PHCO_20209 is also installed now, I had the older PHCO_15*.
Just one short note for other people reading the thread: the syntax for /var/adm/sw/defaults requires an additional colon:
swinstall.rpc_binding_info = ncacn_ip_tcp:[2121]
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Events and news
Customer resources
© Copyright 2025 Hewlett Packard Enterprise Development LP