Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Encrypt traffic between Solaris 8 hosts
Top Forums UNIX for Advanced & Expert Users Encrypt traffic between Solaris 8 hosts Post 65475 by reborg on Saturday 5th of March 2005 01:02:54 PM
Old 03-05-2005
Also you could consider using a secure tunnel between the machines for this and routing this fraffic through the tunnel.
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

remote hosts access problem on solaris

hey guys, i am on a box named pluto and i need to be able to log into another box named genesis. i need to be able to ssh into genesis as root and not get asked for the password. what file do i need to edit on genesis to make this happen? i searched for the .rhosts file it doesn't seem to exist.... (1 Reply)
Discussion started by: Terrible
1 Replies

2. Solaris

Multiple Hosts on Solaris CDE window

I forgot how to configure multiple host servers on the my CDE windows in Solaris. I'll appreciate any help Thanks, Remi (2 Replies)
Discussion started by: Remi
2 Replies

3. UNIX for Dummies Questions & Answers

Traffic count in Solaris

Hello, Iam looking for a solution to keep track on my traffic usuage, monthly usuage. Anybody could recommend anything? /empty (2 Replies)
Discussion started by: empty
2 Replies

4. Red Hat

SSH broke and network traffic / talking issue between hosts and server

Ok Time warner cable / voip modem feeding Cisco PIX 501 Wan port from PIX 501 LAN port to WAN port on Linksys wrt54GL wireless router. so -->Modem-->PIX 501-->WRT54GL-->Linux Server, wireless desktop, wireless laptop (2), Wireless MAC Pro, Wireless Apple TV, Wireless printer. my... (0 Replies)
Discussion started by: tedeansiii
0 Replies

5. Solaris

Solaris 10 encrypt command: can't use heredocs

I'm trying to use the Solaris 10 "encrypt" command in a script. I want to encrypt a file called "database", but not using a keyfile, instead using a keyphrase. Running this from the cli requests the user to input "Enter key:" which is fair enough but I want to run this from a script. I've tried... (1 Reply)
Discussion started by: fixit9660
1 Replies

6. Solaris

[Solaris 10] /etc/hosts.allow

Hi, I am trying to find a Solaris 10 alternative to the HPUX inetd.sec functionality. I want to grant access to one service for one IP address only. # grep fme2eall /etc/services fme2eall 35000/tcp # svcs -a | grep fme2eall online Mar_09 ... (2 Replies)
Discussion started by: ejdv
2 Replies

7. Solaris

/etc/hosts.allow on Solaris 10

I added some entries in the /etc/hosts.allow on a Solaris 10 system. Do I need to bounce inetd? I have read some accounts where any changes made to the /etc/hosts.allow will be taken in automatically. And other accounts where you need to run: svcadm refresh inetd My... (1 Reply)
Discussion started by: snoman1
1 Replies

8. Solaris

Solaris Question - How to find outgoing traffic on UDP ports

Hello All, I am trying find a command that would show me the stats of outgoing traffic on UPD ports on a Solaris 10 box. I would appreciate if anybody could help me out on this. Thank you much!!! Best Regards Sudharma. (7 Replies)
Discussion started by: sudharma
7 Replies

9. Solaris

HBA data traffic monitor in Solaris 10.

Hi All We have T4-4 Server with 2 HBA configured for SAN connectivity. We want to monitor Data traffice going through these HBA. On other AIX system we have that capability with nmon. Following screen shows nmon HBA monitoring can we achieve same in Solaris 10. ... (1 Reply)
Discussion started by: uxravi
1 Replies

10. Proxy Server

IPtable rules for DNS/http/https traffic for specific hosts only, not working.

Hi there, I have a VPS and am working on a little side project for myself and friend which is a DNS proxy. Everything was great till recently. My VPS IP has been detected by some botnet or something, and I believe SMURF attacks are occuring. The VPS provider keeps shutting down my VPS... (3 Replies)
Discussion started by: phi0x
3 Replies

LEARN ABOUT MOJAVE

tc-tunnel_key

Tunnel metadata manipulation action in tc(8)                           Linux                          Tunnel metadata manipulation action in tc(8)

NAME

       tunnel_key - Tunnel metadata manipulation

SYNOPSIS

       tc ... action tunnel_key { unset | SET }

       SET := set src_ip ADDRESS dst_ip ADDRESS id KEY_ID dst_port UDP_PORT [ csum | nocsum ]

DESCRIPTION

       The  tunnel_key  action combined with a shared IP tunnel device, allows to perform IP tunnel en- or decapsulation on a packet, reflected by
       the operation modes UNSET and SET.  The UNSET mode is optional - even without using it, the metadata information will be released automati-
       cally  when packet processing will be finished.  UNSET function could be used in cases when traffic is forwarded between two tunnels, where
       the metadata from the first tunnel will be used for encapsulation done by the second tunnel.  SET mode requires the source and  destination
       ip  ADDRESS  and  the  tunnel  key  id KEY_ID which will be used by the ip tunnel shared device to create the tunnel header. The tunnel_key
       action is useful only in combination with a mirred redirect action to a shared IP tunnel device which will use the metadata (for SET )  and
       unset the metadata created by it (for UNSET ).

OPTIONS

       unset  Unset  the  tunnel metadata created by the IP tunnel device.  This function is not mandatory and might be used only in some specific
              use cases (as explained above).

       set    Set tunnel metadata to be used by the IP tunnel device. Requires id , src_ip and dst_ip options.  dst_port is optional.

              id     Tunnel ID (for example VNI in VXLAN tunnel)

              src_ip Outer header source IP address (IPv4 or IPv6)

              dst_ip Outer header destination IP address (IPv4 or IPv6)

              dst_port
                     Outer header destination UDP port

              [no]csum
                     Controlls outer UDP checksum. When set to csum (which is default), the outer UDP checksum is calculated and included  in  the
                     packets.  When set to nocsum, outer UDP checksum is zero. Note that when using zero UDP checksums with IPv6, the other tunnel
                     endpoint must be configured to accept such packets.  In Linux, this would be the udp6zerocsumrx option for the  VXLAN  tunnel
                     interface.

                     If  using  nocsum  with  IPv6, be sure you know what you are doing. Zero UDP checksums provide weaker protection against cor-
                     rupted packets. See RFC6935 for details.

EXAMPLES

       The following example encapsulates incoming ICMP packets on eth0 into a vxlan tunnel, by setting metadata to VNI 11,  source  IP  11.11.0.1
       and  destination  IP  11.11.0.2,  and  by redirecting the packet with the metadata to device vxlan0, which will do the actual encapsulation
       using the metadata:

              #tc qdisc add dev eth0 handle ffff: ingress
              #tc filter add dev eth0 protocol ip parent ffff: 
                flower 
                  ip_proto icmp 
                action tunnel_key set 
                  src_ip 11.11.0.1 
                  dst_ip 11.11.0.2 
                  id 11 
                action mirred egress redirect dev vxlan0

       Here is an example of the unset function: Incoming VXLAN traffic with outer IP's and VNI 11 is decapsulated by vxlan0 and metadata is unset
       before redirecting to tunl1 device:

              #tc qdisc add dev eth0 handle ffff: ingress
              #tc filter add dev vxlan0 protocol ip parent ffff:   flower 
                     enc_src_ip 11.11.0.2 enc_dst_ip 11.11.0.1 enc_key_id 11   action tunnel_key unset  action mirred egress redirect dev tunl1

SEE ALSO

       tc(8)

iproute2                                                            10 Nov 2016                       Tunnel metadata manipulation action in tc(8)
All times are GMT -4. The time now is 02:47 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy