Source port on AIX for NAS is same? Post: 303018982

Sponsored Content

Operating Systems AIX Source port on AIX for NAS is same? Post 303018982 by anil1000 on Wednesday 20th of June 2018 02:03:11 PM

06-20-2018

Registered User

Quote:

Originally Posted by Scrutinizer

It seems to me your problem is because of the firewall in between that is interfering with NFS communication. I think that the reason that you are having more problems with nfs_use_reserved_ports=1 is that there are fewer ports in the pool and you are therefore more likely to reuse a port that the Netapp SVM thinks is still in use. It thinks this can happen when the firewall interferes with normal communication and therefore the Netapp SVM has not learned that a port is no longer in use.

The firewall is probably configured to drop, rather than reject packets, so that is something that you could look into. Another thing to investigate is keep-alive signals and timeouts, to ensure that the firewall does not interfere..

That being said, it may be that your particular brand just does not work well with NFS, no matter what you try.

I am guessing that you are using a firewall to limit which systems are allowed to approach the filer, but I think it would be better if you put the firewall around the systems and the storage SVM so that there is a clear path between them, while also limiting which servers can approach the SVM.

Well, we talked with Firewall team as well, but they are saying that it is the normal behavior of the firewall to drop the packets rather than sending reset.

Another plan of action to resolve this issue is
Plan 1
keep both NAS IP and Storage LIF IP in same VLAN and don't keep any firewall in between. (currently both NAS IP and Storage LIF IP are in different VLAN with firewall in between)

but I would like to know
Plan 2
What if we keep the same setup with communication happening from random source ports from client end to storage LIF ports with firewall in between,

which will be more secure plan 1 or Plan 2?

Thanks

anil1000

View Public Profile for anil1000

Find all posts by anil1000

9 More Discussions You Might Find Interesting

1. AIX

How to open a port in AIX

Hi Guys, i am trying to open a port in AIX. but i am not able to get the command for this. AIX is not having the iptables file present. So please any body can tell me how to open a port in AIX... Thanks sanju

2. Programming

Source code for serial port

Hi, I am working with sun Solaris 5.9 and in my application,I have to communicate with Serial port(i.e /dev/term/a). So I need source code to by which I can do the following things-- 1)check the port is available or not.If it dosn't find the port,it should throw the error message(i.e. port not...

3. UNIX for Advanced & Expert Users

how to port a package to huge source code having its own make and compilers

In general for intalling a package like we do ./configure, make , make install But if we want to integrate the package with a huge source base what are the things to be taken care could some one have a light on purpose of ./configure , make and make install along with above question. I...

4. AIX

AIX(VIO/LPAR) with Free NAS ISCSI solution

Hi, I was looking on Google for AIX-VIO/LPAR with ISCSI solution and found following really nice tutorial about how to setup ISCSI with free NAS. 1) Build Your Own Open Source NAS Device Using FreeNAS | Train Signal Training - Free Computer Training Videos 2) Build Your Own Open Source...

5. AIX

Compiling samba from source in AIX 5.3

Hello all. I have never had any issues like this when compiling applications from source. When I try to compile samba-3.5.0pre2, configure runs with no issues, but when the time comes to make, this happens: make: make 1254-025 There must be an existing description file or specify a target. ...

6. AIX

Who's using my port in AIX

Hello Gurus, I was trying to find who's using my port and got below answer from a IBM website. But the problem with the below answer is I need a root to run the rmsock, is there any other alternative to find out who is using my port with out a root access?? 1. netstat -Aan | grep <port...

7. Programming

Changing source port number of a TCP client packet

Hi all, I need to change the source port number of an outgoing TCP packet. First I have to bind the socket to a particular port(suppose 9001) but when I send the TCP packet I want to change the source port number lets say to 9002 still letting the socket to be bound to the same old port (9001)....

8. AIX

XVFB Source package for AIX

Please send me link for XVFB Source package for AIX

9. UNIX for Advanced & Expert Users

How to release port on AIX?

Hello all, I need your help with any command to release a port on AIX. Thanks for all.

LEARN ABOUT DEBIAN

rlm_ippool_tool

RLM_IPPOOL_TOOL(8)					      System Manager's Manual						RLM_IPPOOL_TOOL(8)

NAME

       rlm_ippool_tool - dump the contents of the FreeRadius ippool database files

SYNOPSIS

       If an ipaddress is specified then that address is used to limit the actions or output.

       rlm_ippool_tool [-a] [-c] [-o] [-v] session-db index-db [ipaddress]

       Mark the entry nasIP/nasPort as having ipaddress

       rlm_ippool_tool -n session-db index-db ipaddress nasIP nasPort

       Update old format database to new.

       rlm_ippool_tool -u session-db new-session-db

DESCRIPTION

       rlm_ippool_tool dumps the contents of the FreeRADIUS ippool databases for analyses or for removal of active (stuck?) entries.

       Or with the -n argument adds a usage entry to the FreeRADIUS ippool databases.

OPTIONS

       -a     Print all active entries.

       -c     Report number of active entries.

       -r     Remove active entries.

       -v     Verbose report of all entries.

       -o     Assume old database format (nas/port pair, not md5 output).

       -n     Mark the entry nasIP/nasPort as having ipaddress.

       -u     Update old format database to new.

EXAMPLES

       Given the syntax in the FreeRadius radiusd.conf:

	       ippool myippool {
		   range-start = 192.168.1.0
		   range-stop = 192.168.1.255
		   [...]
		   session-db = ${raddbdir}/ip-pool.db
		   ip-index = ${raddbdir}/ip-index.db
	       }

       To see the number of active entries in this pool, use:

	       $ rlm_ippool_tool -c ip-pool.db ip-index.db
	       13

       To see all active entries in this pool, use:

	       $ rlm_ippool_tool -a ip-pool.db ip-index.db
	       192.168.1.5
	       192.168.1.82
	       192.168.1.244
	       192.168.1.57
	       192.168.1.120
	       192.168.1.27
	       [...]

       To see all information about the active entries in the use, use:

	       $ rlm_ippool_tool -av ip-pool.db ip-index.db
	       NAS:172.16.1.1 port:0x2e8 - ipaddr:192.168.1.5 active:1 cli:0 num:1
	       NAS:172.16.1.1 port:0x17c - ipaddr:192.168.1.82 active:1 cli:0 num:1
	       NAS:172.16.1.1 port:0x106 - ipaddr:192.168.1.244 active:1 cli:0 num:1
	       NAS:172.16.1.1 port:0x157 - ipaddr:192.168.1.57 active:1 cli:0 num:1
	       NAS:172.16.1.1 port:0x2d8 - ipaddr:192.168.1.120 active:1 cli:0 num:1
	       NAS:172.16.1.1 port:0x162 - ipaddr:192.168.1.27 active:1 cli:0 num:1
	       [...]

       To see only information of one entry, use:

	       $ rlm_ippool_tool -v ip-pool.db ip-index.db 192.168.1.1
	       NAS:172.16.1.1 port:0x90 - ipaddr:192.168.1.1 active:0 cli:0 num:0

       To add an IP address usage entry, use:

	       $ rlm_ippool_tool -n ip-pool.db ip-index.db 192.168.1.1 172.16.1.1 0x90
	       rlm_ippool_tool: Allocating ip to nas/port: 172.16.1.1/144
	       rlm_ippool_tool: num: 1
	       rlm_ippool_tool: Allocated ip 192.168.1.1 to client on nas 172.16.1.1,port 144

SEE ALSO

       radiusd(8)

AUTHORS

       Currently   part   of   the   FreeRADIUS   Project   (http://www.freeradius.org)   Originally   by   Edwin   Groothuis,	 edwin@mavetju.org
       (http://www.mavetju.org)

       Mailing list details are at http://www.freeradius.org/

																RLM_IPPOOL_TOOL(8)