Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Source port on AIX for NAS is same?
Operating Systems AIX Source port on AIX for NAS is same? Post 303018983 by Scrutinizer on Wednesday 20th of June 2018 02:30:25 PM
Old 06-20-2018
Quote:
Originally Posted by anil1000
Well, we talked with Firewall team as well, but they are saying that it is the normal behavior of the firewall to drop the packets rather than sending reset.
That is a matter of choice. To drop packets is more so legitimate in an Internet facing situation, but if you are using it for internal segmentation dropping will break stuff, while a reject is more graceful. There are pros and cons, but it is not "normal behavior" in the sense that it is the only possibility.

Besides this, there are options to keep connections alive, to change timeouts or to make the time longer before the firewall interferes.

Quote:
Another plan of action to resolve this issue is
Plan 1
keep both NAS IP and Storage LIF IP in same VLAN and don't keep any firewall in between. (currently both NAS IP and Storage LIF IP are in different VLAN with firewall in between)

but I would like to know
Plan 2
What if we keep the same setup with communication happening from random source ports from client end to storage LIF ports with firewall in between,

which will be more secure plan 1 or Plan 2?


Thanks
With plan 2 I think you may still have the problem once in a while. just less frequently. I personally would typically avoid sharing NFS through a firewall, unless you are using NFS with Kerberos. If you are using standard NFS with auth_sys authentication then in my opinion that is usually not a very secure situation and using reserved ports is not going to help that. But even with all that you described I do not know enough about your situation...
Last edited by Scrutinizer; 06-20-2018 at 04:49 PM..
 

9 More Discussions You Might Find Interesting

1. AIX

How to open a port in AIX

Hi Guys, i am trying to open a port in AIX. but i am not able to get the command for this. AIX is not having the iptables file present. So please any body can tell me how to open a port in AIX... Thanks sanju (2 Replies)
Discussion started by: sanju_d1231
2 Replies

2. Programming

Source code for serial port

Hi, I am working with sun Solaris 5.9 and in my application,I have to communicate with Serial port(i.e /dev/term/a). So I need source code to by which I can do the following things-- 1)check the port is available or not.If it dosn't find the port,it should throw the error message(i.e. port not... (0 Replies)
Discussion started by: smartgupta
0 Replies

3. UNIX for Advanced & Expert Users

how to port a package to huge source code having its own make and compilers

In general for intalling a package like we do ./configure, make , make install But if we want to integrate the package with a huge source base what are the things to be taken care could some one have a light on purpose of ./configure , make and make install along with above question. I... (1 Reply)
Discussion started by: Gopi Krishna P
1 Replies

4. AIX

AIX(VIO/LPAR) with Free NAS ISCSI solution

Hi, I was looking on Google for AIX-VIO/LPAR with ISCSI solution and found following really nice tutorial about how to setup ISCSI with free NAS. 1) Build Your Own Open Source NAS Device Using FreeNAS | Train Signal Training - Free Computer Training Videos 2) Build Your Own Open Source... (4 Replies)
Discussion started by: kabir
4 Replies

5. AIX

Compiling samba from source in AIX 5.3

Hello all. I have never had any issues like this when compiling applications from source. When I try to compile samba-3.5.0pre2, configure runs with no issues, but when the time comes to make, this happens: make: make 1254-025 There must be an existing description file or specify a target. ... (4 Replies)
Discussion started by: raidzero
4 Replies

6. AIX

Who's using my port in AIX

Hello Gurus, I was trying to find who's using my port and got below answer from a IBM website. But the problem with the below answer is I need a root to run the rmsock, is there any other alternative to find out who is using my port with out a root access?? 1. netstat -Aan | grep <port... (1 Reply)
Discussion started by: tenderfoot
1 Replies

7. Programming

Changing source port number of a TCP client packet

Hi all, I need to change the source port number of an outgoing TCP packet. First I have to bind the socket to a particular port(suppose 9001) but when I send the TCP packet I want to change the source port number lets say to 9002 still letting the socket to be bound to the same old port (9001).... (0 Replies)
Discussion started by: anuragrai134
0 Replies

8. AIX

XVFB Source package for AIX

Please send me link for XVFB Source package for AIX (3 Replies)
Discussion started by: prathap.g
3 Replies

9. UNIX for Advanced & Expert Users

How to release port on AIX?

Hello all, I need your help with any command to release a port on AIX. Thanks for all. (5 Replies)
Discussion started by: Mcipamo
5 Replies

LEARN ABOUT OPENSOLARIS

scconf_quorum_dev_netapp_nas

scconf_quorum_dev_netapp_nas(1M)			  System Administration Commands			  scconf_quorum_dev_netapp_nas(1M)

NAME

       scconf_quorum_dev_netapp_nas - add and remove shared Network Appliance network-attached storage (NAS) quorum devices and change various NAS
       cluster quorum configuration properties or states.

SYNOPSIS

       scconf {-a|-c|-r} -q name=devicename otheroptions

DESCRIPTION

       Note -

	 Beginning with the Sun Cluster 3.2 release, Sun Cluster software includes an object-oriented command set. Although Sun  Cluster  software
	 still	supports the original command set, Sun Cluster procedural documentation uses only the object-oriented command set. For more infor-
	 mation about the object-oriented command set, see the Intro(1CL) man page.

       A Network Appliance NAS device can be configured as a quorum device for Sun Cluster. The NAS configuration information consists of:

	   o	  a device name, which must be unique across quorum devices

	   o
		   a filer name, which defaults to the device name if not specified

	   o	  a LUN ID, which defaults to 0 if not specified

       To provide support for NAS devices as quorum devices, the administrator must install the quorum device support module provided  by  Network
       Appliance. If this module is not available, scconfprevents the addition of the quorum device. See Sun Cluster With Network-Attached Storage
       Devices Manual for Solaris OS for instructions about obtaining the support module.

       Additionally, the iSCSI license must be valid for the Network Appliance device.

OPTIONS

       The following options can be used for NAS quorum devices. See scconf(1M) for  the  list	of  supported  generic	options.  See  scconf_quo-
       rum_dev_netapp_nas(1M) for options that are specific to shared disk quorum devices.

       The  add and remove forms of the command are used to add and remove NAS quorum devices to or from the configuration. The change form of the
       command is used for changing various properties of cluster quorum configuration.

       Before you add a quorum device, you must set up and configure the device and the logical unit number (LUN) on the device to  be	configured
       as  a  quorum  device. For detailed procedures, see your Network Appliance documentation. For Sun Cluster requirements of device setup, see
       Sun Cluster With Network-Attached Storage Devices Manual for Solaris OS. After the quorum device is added, you cannot change the type.

       Add a NAS quorum device:

	 -q -a name=devicename,type=netapp_nas[,filer=filer-name][,lun_id=0]

       Change a NAS quorum device's configuration:

	 -q -c name=devicename,{maintstate | reset}

       Remove a NAS quorum device:

	 -q -r name=devicename

       The -q option supports the following Network Appliance NAS-specific suboptions:

       filer=filer-name

	   Specifies the name of the device on the network that you can use to access the NAS device when you are using rsh or telnet.

       lun_id=0

	   Specifies the LUN ID on the NAS device that will be a NAS quorum device. The LUN ID defaults to 0.

       When scconf is interrupted or fails while performing quorum-related operations, quorum configuration information can become inconsistent in
       the cluster configuration database. If an inconsistency occurs, either run the same scconf command again or run it with the reset option to
       reset the quorum information.

EXAMPLES

       Example 1 Adding Network Appliance NAS Quorum Devices

	The following scconf command adds the Network Appliance NAS quorum device qd1.

	 -a -q name=qd1,type=netapp_nas,filer=nas1.sun.com,lun_id=0

       Example 2 Removing Network Appliance NAS Quorum Devices

	The following scconf command removes the Network Appliance NAS quorum device qd1.

	 -r -q name=qd1

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWsczu			   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Evolving			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       Intro(1CL), clquorum(1CL), cluster(1CL), scconf(1M), scconf-quorum-dev-scsi(1M)

Sun Cluster 3.2 						    10 Apr 2006 				  scconf_quorum_dev_netapp_nas(1M)
All times are GMT -4. The time now is 09:32 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy