Allow port range using IPsec?
# 1  
Old 07-02-2012

Hi Guys,

Please could you tell me if it is possible to have a single rule/filter to allow a certain port range instead of a separate rule for each port?
I'm sure it must be possible but I am unable to find the syntax.

Thanks
Chris
# 2  
Old 07-02-2012
I haven't worked with IPsec yet, but here's a try.

If this is what you are using, it seems they define the rules in terms of
Code:
... eq 21 gt 1023 ...

where eq seems to be "equal", gt "greater than", lt "less than" etc.

Check out the following link for examples:
Help - AIX 6.1 Information Center
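A worked illustration of the single-comparison operators mentioned above, added here and not taken from the thread: a POSIX sh helper that emits the genfilt commands for one TCP destination-port range as an ordered deny/permit pair, since AIX filter rules have no range operator. It assumes the genfilt option letters from the AIX manual page (-a action, -s/-m source, -d/-M destination, -c protocol, -O/-P destination-port operator and value, -w direction, -l logging) and first-match rule evaluation; the addresses are constructed sample values.

```shell
#!/bin/sh
# Added example: build AIX IP Security filter rules for a TCP port range.
# Filter operators are single comparisons (eq, neq, lt, le, gt, ge, any), so
# a range LOW-HIGH is written as two adjacent rules for the same flow:
#   1. deny  dest port gt HIGH
#   2. permit dest port ge LOW
# First-match evaluation makes the pair behave like "LOW <= port <= HIGH".
# Keep the two rules adjacent (check order with lsfilt -v 4, move with mvfilt)
# and put any more specific permits for the same flow BEFORE the pair, since
# rule 1 denies every higher port for that source/destination.
# Option letters are assumed from the genfilt manual page; verify on your release.

# usage: port_range_rules LOW HIGH SRC SRC_MASK DST DST_MASK
port_range_rules() {
    low=$1; high=$2; src=$3; smask=$4; dst=$5; dmask=$6
    # Sanity checks: numeric ports, 1..65535, LOW <= HIGH.
    case "$low$high" in *[!0-9]*) echo "ports must be numeric" >&2; return 1;; esac
    [ "$low" -ge 1 ] && [ "$high" -le 65535 ] && [ "$low" -le "$high" ] || {
        echo "invalid range $low-$high" >&2; return 1; }
    # A single port needs only one rule with eq.
    if [ "$low" -eq "$high" ]; then
        printf 'genfilt -v 4 -a P -s %s -m %s -d %s -M %s -c tcp -O eq -P %s -w I -l N\n' \
            "$src" "$smask" "$dst" "$dmask" "$low"
        return 0
    fi
    # Rule 1: deny anything above the top of the range for this flow.
    printf 'genfilt -v 4 -a D -s %s -m %s -d %s -M %s -c tcp -O gt -P %s -w I -l N\n' \
        "$src" "$smask" "$dst" "$dmask" "$high"
    # Rule 2: permit what is left at or above the bottom of the range.
    printf 'genfilt -v 4 -a P -s %s -m %s -d %s -M %s -c tcp -O ge -P %s -w I -l N\n' \
        "$src" "$smask" "$dst" "$dmask" "$low"
}

# Constructed sample: allow 3000-3010 from one subnet to this host. Review the
# printed commands, run them, then activate the table (mkfilt -v 4 -u, per the manual).
port_range_rules 3000 3010 192.168.1.0 255.255.255.0 10.0.0.5 255.255.255.255
```

The helper only prints commands, so it can be reviewed on any machine before anything is applied on the AIX box.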
# 3  
Old 07-02-2012
Quote:
Originally Posted by zaxxon
I haven't worked with IPsec yet, but here's a try.

If this is what you are using, it seems they define the rules in terms of
Code:
... eq 21 gt 1023 ...

where eq seems to be "equal", gt "greater than", lt "less than" etc.

Check out the following link for examples:
Thanks, are there any better alternatives to using IPsec? I am a Linux admin so I am used to using iptables, but from what I have read the preferred option for AIX seems to be IPsec?

Using smit, it only allows me to use one argument for the port, but I haven't checked if this works fine using CL.
# 4  
Old 07-03-2012
Don't know an alternative for AIX. Maybe put the AIX box behind a Linux box that uses iptables to protect the AIX box?
# 5  
Old 07-04-2012
I have not seen many production servers with the internal firewall turned on. The reason, of course, is that you will get a performance hit. Instead, as zaxxon suggested, you may put the server behind a dedicated firewall. Maybe you should consult with your network admins.