Operating Systems AIX NIM on firewalled environment Post 302832411 by depam on Sunday 14th of July 2013 09:53:39 PM
Old 07-14-2013
NIM on firewalled environment

Currently setting up NIM in a firewalled environment with multiple gateways, following the ports that need to be opened per the link below:

IBM NIM Communication within a Firewall Environment - United States

I have asked the network team to open up the firewall but omitted the 32,768 to 65,535 port range, as our security won't be able to open such a big port range.

It seems that NFS, by using mountd, can be assigned a specific port, but TFTP specifically needs this high port:

tftp:
Client UDP <--> Master UDP 69
Client UDP <--> Master UDP (random port between 32768 and 65535)

Here the client communicates via UDP to the master's port 69. The port that the client uses cannot be predicted.
Then, the master responds from port 69 back to the same port that made the request.
I used the bidirectional arrow to represent this.
Then random UDP ports are chosen on both the master and the client to affect the transfer of data. Again bidirectional.

Does this mean that nim mksysb might work but OS restore won't?
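The port behaviour quoted above can be observed on loopback. This is an added example, not part of the original post or of IBM's document: it models the generic RFC 1350 exchange (not AIX's tftpd specifically), in which the server sends DATA from a newly chosen ephemeral port. Assumptions: an unprivileged ephemeral port stands in for UDP 69, and the file name `spot` and the payload are constructed.

```python
import socket
import struct
import threading

RRQ, DATA, ACK = 1, 3, 4  # TFTP opcodes (RFC 1350)
LOOPBACK = "127.0.0.1"

def serve_one(listener, payload):
    """Answer one read request; DATA is sent from a fresh socket (the server TID)."""
    request, client = listener.recvfrom(516)
    if struct.unpack("!H", request[:2])[0] != RRQ:
        return
    xfer = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    xfer.bind((LOOPBACK, 0))          # kernel picks the ephemeral port
    xfer.settimeout(2)
    xfer.sendto(struct.pack("!HH", DATA, 1) + payload, client)
    xfer.recvfrom(516)                # wait for the client's ACK of block 1
    xfer.close()

def observe_transfer(payload=b"constructed sample block"):
    """Run one single-block transfer and report the ports each side used."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.bind((LOOPBACK, 0))      # assumption: stands in for UDP 69
    listen_port = listener.getsockname()[1]
    server = threading.Thread(target=serve_one, args=(listener, payload))
    server.start()

    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.settimeout(2)
    client.sendto(struct.pack("!H", RRQ) + b"spot\0octet\0", (LOOPBACK, listen_port))
    data, source = client.recvfrom(516)
    opcode, block = struct.unpack("!HH", data[:4])
    client.sendto(struct.pack("!HH", ACK, block), source)  # ACK goes to the new port
    client_port = client.getsockname()[1]
    server.join()
    client.close()
    listener.close()
    return {"listen_port": listen_port, "client_port": client_port,
            "data_source_port": source[1], "opcode": opcode, "payload": data[4:]}

def passes_listen_port_only_filter(result):
    """True if a stateless filter allowing only the listening port would pass DATA."""
    return result["data_source_port"] == result["listen_port"]

if __name__ == "__main__":
    r = observe_transfer()
    print(r, "passes listen-port-only filter:", passes_listen_port_only_filter(r))
```

The reported `data_source_port` differs from `listen_port`, which is why a stateless rule covering only the listening port does not pass the data packets.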
 

BLACKHOLE(4)						   BSD Kernel Interfaces Manual 					      BLACKHOLE(4)

NAME
blackhole -- a sysctl(8) MIB for manipulating behaviour in respect of refused TCP or UDP connection attempts

SYNOPSIS
sysctl net.inet.tcp.blackhole[=[0 | 1 | 2]]
sysctl net.inet.udp.blackhole[=[0 | 1]]

DESCRIPTION
The blackhole sysctl(8) MIB is used to control system behaviour when connection requests are received on TCP or UDP ports where there is no socket listening.

Normal behaviour, when a TCP SYN segment is received on a port where there is no socket accepting connections, is for the system to return a RST segment, and drop the connection. The connecting system will see this as a ``Connection refused''. By setting the TCP blackhole MIB to a numeric value of one, the incoming SYN segment is merely dropped, and no RST is sent, making the system appear as a blackhole. By setting the MIB value to two, any segment arriving on a closed port is dropped without returning a RST. This provides some degree of protection against stealth port scans.

In the UDP instance, enabling blackhole behaviour turns off the sending of an ICMP port unreachable message in response to a UDP datagram which arrives on a port where there is no socket listening. It must be noted that this behaviour will prevent remote systems from running traceroute(8) to a system.

The blackhole behaviour is useful to slow down anyone who is port scanning a system, attempting to detect vulnerable services on a system. It could potentially also slow down someone who is attempting a denial of service attack.

WARNING
The TCP and UDP blackhole features should not be regarded as a replacement for firewall solutions. Better security would consist of the blackhole sysctl(8) MIB used in conjunction with one of the available firewall packages.

This mechanism is not a substitute for securing a system. It should be used together with other security mechanisms.

SEE ALSO
ip(4), tcp(4), udp(4), ipf(8), ipfw(8), pfctl(8), sysctl(8)

HISTORY
The TCP and UDP blackhole MIBs first appeared in FreeBSD 4.0.

AUTHORS
Geoffrey M. Rehmet

BSD                              January 1, 2007                              BSD