Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Source port on AIX for NAS is same?
Operating Systems AIX Source port on AIX for NAS is same? Post 303018983 by Scrutinizer on Wednesday 20th of June 2018 02:30:25 PM
Old 06-20-2018
Quote:
Originally Posted by anil1000
Well, we talked with Firewall team as well, but they are saying that it is the normal behavior of the firewall to drop the packets rather than sending reset.
That is a matter of choice. To drop packets is more so legitimate in an Internet facing situation, but if you are using it for internal segmentation dropping will break stuff, while a reject is more graceful. There are pros and cons, but it is not "normal behavior" in the sense that it is the only possibility.

Besides this, there are options to keep connections alive, to change timeouts or to make the time longer before the firewall interferes.

Quote:
Another plan of action to resolve this issue is
Plan 1
keep both NAS IP and Storage LIF IP in same VLAN and don't keep any firewall in between. (currently both NAS IP and Storage LIF IP are in different VLAN with firewall in between)

but I would like to know
Plan 2
What if we keep the same setup with communication happening from random source ports from client end to storage LIF ports with firewall in between,

which will be more secure plan 1 or Plan 2?


Thanks
With plan 2 I think you may still have the problem once in a while. just less frequently. I personally would typically avoid sharing NFS through a firewall, unless you are using NFS with Kerberos. If you are using standard NFS with auth_sys authentication then in my opinion that is usually not a very secure situation and using reserved ports is not going to help that. But even with all that you described I do not know enough about your situation...
Last edited by Scrutinizer; 06-20-2018 at 04:49 PM..
 

9 More Discussions You Might Find Interesting

1. AIX

How to open a port in AIX

Hi Guys, i am trying to open a port in AIX. but i am not able to get the command for this. AIX is not having the iptables file present. So please any body can tell me how to open a port in AIX... Thanks sanju (2 Replies)
Discussion started by: sanju_d1231
2 Replies

2. Programming

Source code for serial port

Hi, I am working with sun Solaris 5.9 and in my application,I have to communicate with Serial port(i.e /dev/term/a). So I need source code to by which I can do the following things-- 1)check the port is available or not.If it dosn't find the port,it should throw the error message(i.e. port not... (0 Replies)
Discussion started by: smartgupta
0 Replies

3. UNIX for Advanced & Expert Users

how to port a package to huge source code having its own make and compilers

In general for intalling a package like we do ./configure, make , make install But if we want to integrate the package with a huge source base what are the things to be taken care could some one have a light on purpose of ./configure , make and make install along with above question. I... (1 Reply)
Discussion started by: Gopi Krishna P
1 Replies

4. AIX

AIX(VIO/LPAR) with Free NAS ISCSI solution

Hi, I was looking on Google for AIX-VIO/LPAR with ISCSI solution and found following really nice tutorial about how to setup ISCSI with free NAS. 1) Build Your Own Open Source NAS Device Using FreeNAS | Train Signal Training - Free Computer Training Videos 2) Build Your Own Open Source... (4 Replies)
Discussion started by: kabir
4 Replies

5. AIX

Compiling samba from source in AIX 5.3

Hello all. I have never had any issues like this when compiling applications from source. When I try to compile samba-3.5.0pre2, configure runs with no issues, but when the time comes to make, this happens: make: make 1254-025 There must be an existing description file or specify a target. ... (4 Replies)
Discussion started by: raidzero
4 Replies

6. AIX

Who's using my port in AIX

Hello Gurus, I was trying to find who's using my port and got below answer from a IBM website. But the problem with the below answer is I need a root to run the rmsock, is there any other alternative to find out who is using my port with out a root access?? 1. netstat -Aan | grep <port... (1 Reply)
Discussion started by: tenderfoot
1 Replies

7. Programming

Changing source port number of a TCP client packet

Hi all, I need to change the source port number of an outgoing TCP packet. First I have to bind the socket to a particular port(suppose 9001) but when I send the TCP packet I want to change the source port number lets say to 9002 still letting the socket to be bound to the same old port (9001).... (0 Replies)
Discussion started by: anuragrai134
0 Replies

8. AIX

XVFB Source package for AIX

Please send me link for XVFB Source package for AIX (3 Replies)
Discussion started by: prathap.g
3 Replies

9. UNIX for Advanced & Expert Users

How to release port on AIX?

Hello all, I need your help with any command to release a port on AIX. Thanks for all. (5 Replies)
Discussion started by: Mcipamo
5 Replies

LEARN ABOUT CENTOS

ldns-notify

ldns-notify(1)						      General Commands Manual						    ldns-notify(1)

NAME

       ldns-notify - notify DNS servers that updates are available

SYNOPSIS

       ldns-notify [options] -z zone servers

DESCRIPTION

       ldns-notify  sends a NOTIFY message to DNS servers. This tells them that an updated zone is available at the master servers. It can perform
       TSIG signatures and it can add a SOA serial number of the updated zone.	If a server already has that serial number it will  disregard  the
       message.

OPTIONS

       -z zone
	      The zone that is updated.

       -h     Show usage and exit

       -v     Show the version and exit

       -s serial
	      Append a SOA record indicating the serial number of the updated zone.

       -p port
	      Use port as destination port (default the DNS port 53) for the UDP packets.

       -y key:data
	      Use the given TSIG key and base64-data to sign the NOTIFY. Uses the hmac-md5 algorithm.

       -d     Print verbose debug information. The query that is sent and the query that is received.

       -r num Specify the maximum number of retries before notify gives up trying to send the UDP packet.

EXIT CODE

       The program exits with a 0 exit code if all servers replied an acknowledgement to the notify message, and a failure exit code otherwise.

AUTHOR

       Written by the ldns team as an example for ldns usage.

REPORTING BUGS

       Report bugs to <ldns-team@nlnetlabs.nl>.

COPYRIGHT

       Copyright  (C)  2005 NLnet Labs. This is free software. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PUR-
       POSE.

								    9 Jan 2007							    ldns-notify(1)
All times are GMT -4. The time now is 02:48 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy