Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Source port on AIX for NAS is same?
Operating Systems AIX Source port on AIX for NAS is same? Post 303018983 by Scrutinizer on Wednesday 20th of June 2018 02:30:25 PM
Old 06-20-2018
Quote:
Originally Posted by anil1000
Well, we talked with Firewall team as well, but they are saying that it is the normal behavior of the firewall to drop the packets rather than sending reset.
That is a matter of choice. To drop packets is more so legitimate in an Internet facing situation, but if you are using it for internal segmentation dropping will break stuff, while a reject is more graceful. There are pros and cons, but it is not "normal behavior" in the sense that it is the only possibility.

Besides this, there are options to keep connections alive, to change timeouts or to make the time longer before the firewall interferes.

Quote:
Another plan of action to resolve this issue is
Plan 1
keep both NAS IP and Storage LIF IP in same VLAN and don't keep any firewall in between. (currently both NAS IP and Storage LIF IP are in different VLAN with firewall in between)

but I would like to know
Plan 2
What if we keep the same setup with communication happening from random source ports from client end to storage LIF ports with firewall in between,

which will be more secure plan 1 or Plan 2?


Thanks
With plan 2 I think you may still have the problem once in a while. just less frequently. I personally would typically avoid sharing NFS through a firewall, unless you are using NFS with Kerberos. If you are using standard NFS with auth_sys authentication then in my opinion that is usually not a very secure situation and using reserved ports is not going to help that. But even with all that you described I do not know enough about your situation...
Last edited by Scrutinizer; 06-20-2018 at 04:49 PM..
 

9 More Discussions You Might Find Interesting

1. AIX

How to open a port in AIX

Hi Guys, i am trying to open a port in AIX. but i am not able to get the command for this. AIX is not having the iptables file present. So please any body can tell me how to open a port in AIX... Thanks sanju (2 Replies)
Discussion started by: sanju_d1231
2 Replies

2. Programming

Source code for serial port

Hi, I am working with sun Solaris 5.9 and in my application,I have to communicate with Serial port(i.e /dev/term/a). So I need source code to by which I can do the following things-- 1)check the port is available or not.If it dosn't find the port,it should throw the error message(i.e. port not... (0 Replies)
Discussion started by: smartgupta
0 Replies

3. UNIX for Advanced & Expert Users

how to port a package to huge source code having its own make and compilers

In general for intalling a package like we do ./configure, make , make install But if we want to integrate the package with a huge source base what are the things to be taken care could some one have a light on purpose of ./configure , make and make install along with above question. I... (1 Reply)
Discussion started by: Gopi Krishna P
1 Replies

4. AIX

AIX(VIO/LPAR) with Free NAS ISCSI solution

Hi, I was looking on Google for AIX-VIO/LPAR with ISCSI solution and found following really nice tutorial about how to setup ISCSI with free NAS. 1) Build Your Own Open Source NAS Device Using FreeNAS | Train Signal Training - Free Computer Training Videos 2) Build Your Own Open Source... (4 Replies)
Discussion started by: kabir
4 Replies

5. AIX

Compiling samba from source in AIX 5.3

Hello all. I have never had any issues like this when compiling applications from source. When I try to compile samba-3.5.0pre2, configure runs with no issues, but when the time comes to make, this happens: make: make 1254-025 There must be an existing description file or specify a target. ... (4 Replies)
Discussion started by: raidzero
4 Replies

6. AIX

Who's using my port in AIX

Hello Gurus, I was trying to find who's using my port and got below answer from a IBM website. But the problem with the below answer is I need a root to run the rmsock, is there any other alternative to find out who is using my port with out a root access?? 1. netstat -Aan | grep <port... (1 Reply)
Discussion started by: tenderfoot
1 Replies

7. Programming

Changing source port number of a TCP client packet

Hi all, I need to change the source port number of an outgoing TCP packet. First I have to bind the socket to a particular port(suppose 9001) but when I send the TCP packet I want to change the source port number lets say to 9002 still letting the socket to be bound to the same old port (9001).... (0 Replies)
Discussion started by: anuragrai134
0 Replies

8. AIX

XVFB Source package for AIX

Please send me link for XVFB Source package for AIX (3 Replies)
Discussion started by: prathap.g
3 Replies

9. UNIX for Advanced & Expert Users

How to release port on AIX?

Hello all, I need your help with any command to release a port on AIX. Thanks for all. (5 Replies)
Discussion started by: Mcipamo
5 Replies

LEARN ABOUT SUNOS

list-virtual-servers

asadmin-list-virtual-servers(1AS)				   User Commands				 asadmin-list-virtual-servers(1AS)

NAME

       asadmin-list-virtual-servers, list-virtual-servers - gets the virtual servers

SYNOPSIS

       list-virtual-servers --user admin_user [--password admin_password] [--host localhost] [--port 4848] [--secure|-s] [--passwordfile filename]
       [--terse=false] [--echo=false] [--interactive=true]

       Gets all the virtual server elements. This command is supported in remote mode only.

OPTIONS

       --user		       authorized domain application server administrative username.

       --password	       password to administer the domain application server.

       --host		       machine name where the domain application server is running.

       --port		       port number of the domain application server listening for administration requests.

       --secure 	       if true, uses SSL/TLS to communicate with the domain application server.

       --passwordfile	       file containing the domain application server password.

       --terse		       indicates that any output data must be very concise, typically avoiding human-friendly sentences and favoring well-
			       formatted data for consumption by a script. Default is false.

       --echo		       setting to true will echo the command line statement on the standard output. Default is false.

       --interactive	       if set to true (default), only the required password options are prompted.

       Example 1: Using list-virtual-servers

       asadmin> list-virtual-servers --user admin --password adminadmin
       --host localhost --port 4848
       Command list-virtual-servers executed successfully

EXIT STATUS

       0		       command executed successfully

       1		       error in executing the command

       asadmin-create-virtual-server(1AS), asadmin-delete-virtual-server(1AS)

J2EE 1.4 SDK							    March 2004					 asadmin-list-virtual-servers(1AS)
All times are GMT -4. The time now is 10:52 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy