06-20-2018
Quote: Originally Posted by Scrutinizer
It seems to me your problem is because of the firewall in between that is interfering with NFS communication. I think that the reason that you are having more problems with nfs_use_reserved_ports=1 is that there are fewer ports in the pool and you are therefore more likely to reuse a port that the Netapp SVM thinks is still in use. It thinks this can happen when the firewall interferes with normal communication and therefore the Netapp SVM has not learned that a port is no longer in use.
The firewall is probably configured to drop, rather than reject packets, so that is something that you could look into. Another thing to investigate is keep-alive signals and timeouts, to ensure that the firewall does not interfere.
That being said, it may be that your particular brand just does not work well with NFS, no matter what you try.
I am guessing that you are using a firewall to limit which systems are allowed to approach the filer, but I think it would be better if you put the firewall around the systems and the storage SVM so that there is a clear path between them, while also limiting which servers can approach the SVM.
Well, we talked with the firewall team as well, but they are saying that it is the normal behavior of the firewall to drop the packets rather than sending a reset.
Another plan of action to resolve this issue is:
Plan 1
Keep both the NAS IP and the storage LIF IP in the same VLAN and don't keep any firewall in between (currently the NAS IP and the storage LIF IP are in different VLANs with a firewall in between).
But I would like to know:
Plan 2
What if we keep the same setup, with communication happening from random source ports on the client end to the storage LIF ports, with the firewall in between?
Which will be more secure, Plan 1 or Plan 2?
Thanks
LEARN ABOUT DEBIAN
rlm_ippool_tool
RLM_IPPOOL_TOOL(8) System Manager's Manual RLM_IPPOOL_TOOL(8)
NAME
rlm_ippool_tool - dump the contents of the FreeRADIUS ippool database files
SYNOPSIS
If an ipaddress is specified then that address is used to limit the actions or output.
rlm_ippool_tool [-a] [-c] [-o] [-v] session-db index-db [ipaddress]
Mark the entry nasIP/nasPort as having ipaddress
rlm_ippool_tool -n session-db index-db ipaddress nasIP nasPort
Update old format database to new.
rlm_ippool_tool -u session-db new-session-db
DESCRIPTION
rlm_ippool_tool dumps the contents of the FreeRADIUS ippool databases for analysis or for removal of active (stuck?) entries.
Or with the -n argument adds a usage entry to the FreeRADIUS ippool databases.
OPTIONS
-a Print all active entries.
-c Report number of active entries.
-r Remove active entries.
-v Verbose report of all entries.
-o Assume old database format (nas/port pair, not md5 output).
-n Mark the entry nasIP/nasPort as having ipaddress.
-u Update old format database to new.
EXAMPLES
Given the syntax in the FreeRADIUS radiusd.conf:
ippool myippool {
    range-start = 192.168.1.0
    range-stop = 192.168.1.255
    [...]
    session-db = ${raddbdir}/ip-pool.db
    ip-index = ${raddbdir}/ip-index.db
}
To see the number of active entries in this pool, use:
$ rlm_ippool_tool -c ip-pool.db ip-index.db
13
To see all active entries in this pool, use:
$ rlm_ippool_tool -a ip-pool.db ip-index.db
192.168.1.5
192.168.1.82
192.168.1.244
192.168.1.57
192.168.1.120
192.168.1.27
[...]
To see all information about the active entries in the pool, use:
$ rlm_ippool_tool -av ip-pool.db ip-index.db
NAS:172.16.1.1 port:0x2e8 - ipaddr:192.168.1.5 active:1 cli:0 num:1
NAS:172.16.1.1 port:0x17c - ipaddr:192.168.1.82 active:1 cli:0 num:1
NAS:172.16.1.1 port:0x106 - ipaddr:192.168.1.244 active:1 cli:0 num:1
NAS:172.16.1.1 port:0x157 - ipaddr:192.168.1.57 active:1 cli:0 num:1
NAS:172.16.1.1 port:0x2d8 - ipaddr:192.168.1.120 active:1 cli:0 num:1
NAS:172.16.1.1 port:0x162 - ipaddr:192.168.1.27 active:1 cli:0 num:1
[...]
To see only information of one entry, use:
$ rlm_ippool_tool -v ip-pool.db ip-index.db 192.168.1.1
NAS:172.16.1.1 port:0x90 - ipaddr:192.168.1.1 active:0 cli:0 num:0
To add an IP address usage entry, use:
$ rlm_ippool_tool -n ip-pool.db ip-index.db 192.168.1.1 172.16.1.1 0x90
rlm_ippool_tool: Allocating ip to nas/port: 172.16.1.1/144
rlm_ippool_tool: num: 1
rlm_ippool_tool: Allocated ip 192.168.1.1 to client on nas 172.16.1.1,port 144
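The verbose listing shown above is line-oriented, so a pool can be audited mechanically. The following Python sketch is an added example, not part of the FreeRADIUS man page or project: it parses `-av` style lines and reports any address that is active for more than one NAS/port pair so an operator can review it. The sample lines are constructed in the format shown above, and the function names and the duplicate-holder check are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the `rlm_ippool_tool -av` output above.
SAMPLE = """\
NAS:172.16.1.1 port:0x2e8 - ipaddr:192.168.1.5 active:1 cli:0 num:1
NAS:172.16.1.1 port:0x17c - ipaddr:192.168.1.82 active:1 cli:0 num:1
NAS:172.16.1.2 port:0x17c - ipaddr:192.168.1.82 active:1 cli:0 num:1
NAS:172.16.1.1 port:0x90 - ipaddr:192.168.1.1 active:0 cli:0 num:0
this line is not an entry
"""

LINE_RE = re.compile(
    r"^NAS:(?P<nas>\S+) port:(?P<port>0x[0-9a-fA-F]+) - ipaddr:(?P<ip>\S+) "
    r"active:(?P<active>[01]) cli:(?P<cli>\d+) num:(?P<num>\d+)$"
)

def parse_entries(text):
    """Return (entries, rejected): parsed dicts and lines that did not match."""
    entries, rejected = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            rejected.append(line)  # keep unparsed lines visible, never drop silently
            continue
        entries.append({
            "nas": m["nas"],
            "port": int(m["port"], 16),  # 0x90 -> 144, as in the -n example
            "ip": m["ip"],
            "active": m["active"] == "1",
            "num": int(m["num"]),
        })
    return entries, rejected

def duplicate_allocations(entries):
    """Map each IP active for more than one NAS/port pair to its holders."""
    holders = defaultdict(set)
    for e in entries:
        if e["active"]:
            holders[e["ip"]].add((e["nas"], e["port"]))
    return {ip: sorted(h) for ip, h in holders.items() if len(h) > 1}

if __name__ == "__main__":
    entries, rejected = parse_entries(SAMPLE)
    print(duplicate_allocations(entries), rejected)
```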
SEE ALSO
radiusd(8)
AUTHORS
Currently part of the FreeRADIUS Project (http://www.freeradius.org) Originally by Edwin Groothuis, edwin@mavetju.org
(http://www.mavetju.org)
Mailing list details are at http://www.freeradius.org/
RLM_IPPOOL_TOOL(8)