06-20-2018
Quote: Originally Posted by anil1000
Well, we talked with Firewall team as well, but they are saying that it is the normal behavior of the firewall to drop the packets rather than sending reset.
That is a matter of choice. To drop packets is more so legitimate in an Internet facing situation, but if you are using it for internal segmentation dropping will break stuff, while a reject is more graceful. There are pros and cons, but it is not "normal behavior" in the sense that it is the only possibility.
Besides this, there are options to keep connections alive, to change timeouts or to make the time longer before the firewall interferes.
Quote:
Another plan of action to resolve this issue is
Plan 1
keep both NAS IP and Storage LIF IP in same VLAN and don't keep any firewall in between. (currently both NAS IP and Storage LIF IP are in different VLAN with firewall in between)
but I would like to know
Plan 2
What if we keep the same setup with communication happening from random source ports from client end to storage LIF ports with firewall in between,
which will be more secure plan 1 or Plan 2?
Thanks
With plan 2 I think you may still have the problem once in a while, just less frequently. I personally would typically avoid sharing NFS through a firewall, unless you are using NFS with Kerberos. If you are using standard NFS with auth_sys authentication then in my opinion that is usually not a very secure situation and using reserved ports is not going to help that. But even with all that you described I do not know enough about your situation...
Last edited by Scrutinizer; 06-20-2018 at 04:49 PM..
scconf_quorum_dev_netapp_nas(1M) System Administration Commands scconf_quorum_dev_netapp_nas(1M)
NAME
scconf_quorum_dev_netapp_nas - add and remove shared Network Appliance network-attached storage (NAS) quorum devices and change various NAS
cluster quorum configuration properties or states.
SYNOPSIS
scconf {-a|-c|-r} -q name=devicename otheroptions
DESCRIPTION
Note -
Beginning with the Sun Cluster 3.2 release, Sun Cluster software includes an object-oriented command set. Although Sun Cluster software
still supports the original command set, Sun Cluster procedural documentation uses only the object-oriented command set. For more
information about the object-oriented command set, see the Intro(1CL) man page.
A Network Appliance NAS device can be configured as a quorum device for Sun Cluster. The NAS configuration information consists of:
o a device name, which must be unique across quorum devices
o a filer name, which defaults to the device name if not specified
o a LUN ID, which defaults to 0 if not specified
To provide support for NAS devices as quorum devices, the administrator must install the quorum device support module provided by Network
Appliance. If this module is not available, scconf prevents the addition of the quorum device. See Sun Cluster With Network-Attached Storage
Devices Manual for Solaris OS for instructions about obtaining the support module.
Additionally, the iSCSI license must be valid for the Network Appliance device.
OPTIONS
The following options can be used for NAS quorum devices. See scconf(1M) for the list of supported generic options. See
scconf_quorum_dev_netapp_nas(1M) for options that are specific to shared disk quorum devices.
The add and remove forms of the command are used to add and remove NAS quorum devices to or from the configuration. The change form of the
command is used for changing various properties of cluster quorum configuration.
Before you add a quorum device, you must set up and configure the device and the logical unit number (LUN) on the device to be configured
as a quorum device. For detailed procedures, see your Network Appliance documentation. For Sun Cluster requirements of device setup, see
Sun Cluster With Network-Attached Storage Devices Manual for Solaris OS. After the quorum device is added, you cannot change the type.
Add a NAS quorum device:
-q -a name=devicename,type=netapp_nas[,filer=filer-name][,lun_id=0]
Change a NAS quorum device's configuration:
-q -c name=devicename,{maintstate | reset}
Remove a NAS quorum device:
-q -r name=devicename
The -q option supports the following Network Appliance NAS-specific suboptions:
filer=filer-name
Specifies the name of the device on the network that you can use to access the NAS device when you are using rsh or telnet.
lun_id=0
Specifies the LUN ID on the NAS device that will be a NAS quorum device. The LUN ID defaults to 0.
When scconf is interrupted or fails while performing quorum-related operations, quorum configuration information can become inconsistent in
the cluster configuration database. If an inconsistency occurs, either run the same scconf command again or run it with the reset option to
reset the quorum information.
EXAMPLES
Example 1 Adding Network Appliance NAS Quorum Devices
The following scconf command adds the Network Appliance NAS quorum device qd1.
-a -q name=qd1,type=netapp_nas,filer=nas1.sun.com,lun_id=0
Example 2 Removing Network Appliance NAS Quorum Devices
The following scconf command removes the Network Appliance NAS quorum device qd1.
-r -q name=qd1
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
|       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
+-----------------------------+-----------------------------+
|Availability                 |SUNWsczu                     |
+-----------------------------+-----------------------------+
|Interface Stability          |Evolving                     |
+-----------------------------+-----------------------------+
SEE ALSO
Intro(1CL), clquorum(1CL), cluster(1CL), scconf(1M), scconf-quorum-dev-scsi(1M)
Sun Cluster 3.2 10 Apr 2006 scconf_quorum_dev_netapp_nas(1M)