Hi Friends,
This is about a network issue we faced some days back. What follows is only a workaround; I am still studying and reading more on it to find the exact cause. First, here is what we could and could not do, from the server itself and from outside its LAN.
What worked:
1. From the server we could connect to the gateway and to other servers on the same LAN.
2. We could connect to the server locally, from the same LAN.
What did not work:
1. We could not connect to the server from a different LAN.
2. The packets were being dropped at the gateway.
3. The gateway was not being blocked by the Security Team.
4. A traceroute to the server also stopped at the gateway.
We checked /var/adm/syslogs/syslogs.log, where ipmon (the IPFilter log daemon) was logging blocked packets like these:
ipmon[830]: 13:28:58.460000 lan1 @0:6 b 0.0.0.0,68 -> 255.255.255.255,67 PR udp len 20 288 IN
13:29:10 ipmon[830]: 13:29:10.350000 lan1 @0:6 b 0.0.0.0,68 -> 255.255.255.255,67 PR udp len 20 288 IN
13:29:14 ipmon[830]: 13:29:13.820000 2x lan1 @0:6 b 0.0.0.0,68 -> 255.255.255.255,67 PR udp len 20 288 IN
13:29:16 ipmon[830]: 13:29:16.530000 lan1 @0:6 b 0.0.0.0,68 -> 255.255.255.255,67 PR udp len 20 288 IN
13:29:20 ipmon[830]: 13:29:20.460000 lan1 @0:6 b 0.0.0.0,68 -> 255.255.255.255,67 PR udp len 20 288 IN
13:29:22 ipmon[830]: 13:29:21.820000 lan1 @0:6 b 0.0.0.0,68 -> 255.255.255.255,67 PR udp len 20 288 IN
13:29:28 ipmon[830]: 13:29:28.460000 lan1 @0:6 b 0.0.0.0,68 -> 255.255.255.255,67 PR udp len 20 288 IN
13:29:28 ipmon[830]: 13:29:28.640000 lan1 @0:1 b 10.98.13.2 -> 224.0.0.1 PR igmp len 24 (32) IN
13:29:35 ipmon[830]: 13:29:35.810000 lan1 @0:6 b 0.0.0.0,68 -> 255.255.255.255,67 PR udp len 20 576 IN
13:29:37 ipmon[830]: 13:29:37.830000 lan1 @0:6 b 0.0.0.0,68 -> 255.255.255.255,67 PR udp len 20 288 IN
13:29:38 ipmon[830]: 13:29:38.780000 lan1 @0:6 b 0.0.0.0,68 -> 255.255.255.255,67 PR udp len 20 576 IN
13:29:42 ipmon[830]: 13:29:42.080000 lan1 @0:6 b 0.0.0.0,68 -> 255.255.255.255,67 PR udp len 20 576 IN
13:29:45 ipmon[830]: 13:29:44.470000 lan1 @0:6 b 0.0.0.0,68 -> 255.255.255.255,67 PR udp len 20 288 IN
13:29:47 ipmon[830]: 13:29:46.560000 lan1 @0:6 b 0.0.0.0,68 -> 255.255.255.255,67 PR udp len 20 288 IN
13:29:51 ipmon[830]: 13:29:50.460000 lan1 @0:6 b 0.0.0.0,68 -> 255.255.255.255,67 PR udp len 20 288 IN
13:29:59 ipmon[830]: 13:29:58.460000 lan1 @0:6 b 0.0.0.0,68 -> 255.255.255.255,67 PR udp len 20 288 IN
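To see what the host firewall is really dropping, it helps to summarise the ipmon entries by rule number, protocol, destination port and source host, after filtering out the DHCP and IGMP background noise seen above. The Python script below is an added example, not part of the original post. It parses ipmon's syslog format and counts blocked inbound packets. The sample log is constructed: the first three lines are copied from the output above, the remaining lines (a remote host 10.98.20.15, this server as 10.98.13.5, TCP port 7000 and rule @0:22) are made up for illustration and are not from the page.

```python
import re
from collections import Counter
from ipaddress import ip_address

# ipmon syslog format (HP-UX IPFilter), one packet per line:
#   HH:MM:SS ipmon[pid]: HH:MM:SS.uuuuuu [Nx] iface @group:rule action \
#       src[,sport] -> dst[,dport] PR proto len hlen plen [tcp flags | icmp t/c] IN|OUT
# "Nx" is ipmon's repeat count for identical consecutive packets; @group:rule is
# the number of the rule that matched, as numbered by "ipfstat -in" / "ipfstat -on".
IPMON_RE = re.compile(
    r"(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?:(?P<repeat>\d+)x\s+)?"
    r"(?P<iface>\S+)\s+"
    r"@(?P<group>\d+):(?P<rule>\d+)\s+"
    r"(?P<action>\S+)\s+"
    r"(?P<src>[^\s,]+)(?:,(?P<sport>\S+))?\s+->\s+"
    r"(?P<dst>[^\s,]+)(?:,(?P<dport>\S+))?\s+"
    r"PR\s+(?P<proto>\S+)\s+len\s+(?P<hlen>\d+)\s+(?P<plen>\S+)"
    r".*?\s(?P<dir>IN|OUT)\b"
)

# Constructed sample: the first three lines are from the log shown on the page, the
# rest are made up (remote LAN host 10.98.20.15, this server as 10.98.13.5,
# application port 7000 and rule @0:22 are all assumed, not taken from the page).
SAMPLE_LOG = """\
13:29:10 ipmon[830]: 13:29:10.350000 lan1 @0:6 b 0.0.0.0,68 -> 255.255.255.255,67 PR udp len 20 288 IN
13:29:14 ipmon[830]: 13:29:13.820000 2x lan1 @0:6 b 0.0.0.0,68 -> 255.255.255.255,67 PR udp len 20 288 IN
13:29:28 ipmon[830]: 13:29:28.640000 lan1 @0:1 b 10.98.13.2 -> 224.0.0.1 PR igmp len 24 (32) IN
13:30:02 ipmon[830]: 13:30:02.110000 lan1 @0:22 b 10.98.20.15,41022 -> 10.98.13.5,7000 PR tcp len 20 60 -S IN
13:30:05 ipmon[830]: 13:30:05.120000 lan1 @0:22 b 10.98.20.15,41023 -> 10.98.13.5,7000 PR tcp len 20 60 -S IN
13:30:09 ipmon[830]: 13:30:09.400000 lan1 @0:22 b 10.98.20.15 -> 10.98.13.5 PR icmp len 20 84 icmp 8/0 IN
13:30:11 ipmon[830]: 13:30:11.000000 lan1 @0:3 p 10.98.13.5,22 -> 10.98.20.15,41100 PR tcp len 20 60 -AS OUT
"""


def parse_ipmon(line):
    """Return the fields of one ipmon line as a dict, or None if the line is not ipmon output."""
    m = IPMON_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["repeat"] = int(rec["repeat"] or 1)
    rec["rule_id"] = f"@{rec['group']}:{rec['rule']}"
    return rec


def is_background_noise(rec):
    """True for DHCP client broadcasts (0.0.0.0 -> 255.255.255.255) and multicast such as IGMP.
    Hosts block these all day long; they are not the failed unicast connections we are after."""
    try:
        src, dst = ip_address(rec["src"]), ip_address(rec["dst"])
    except ValueError:
        return False
    return src.is_unspecified or dst.is_multicast or rec["dst"] == "255.255.255.255"


def summarize_blocked_inbound(lines, ignore_noise=True):
    """Count blocked inbound packets keyed by (rule id, protocol, destination port, source host).
    The rule id says which rule dropped the traffic; the port and source say which pass rule is missing."""
    counts = Counter()
    for line in lines:
        rec = parse_ipmon(line)
        if rec is None or rec["dir"] != "IN" or not rec["action"].startswith("b"):
            continue
        if ignore_noise and is_background_noise(rec):
            continue
        counts[(rec["rule_id"], rec["proto"], rec["dport"], rec["src"])] += rec["repeat"]
    return counts


if __name__ == "__main__":
    summary = summarize_blocked_inbound(SAMPLE_LOG.splitlines())
    for (rule_id, proto, dport, src), n in summary.most_common():
        print(f"{n:4d}  {rule_id:<6} {proto:<5} dport={dport or '-':<5} from {src}")
```

Run it against the real log with something like grep ipmon /var/adm/syslogs/syslogs.log | python3 ipmon_summary.py after replacing SAMPLE_LOG with sys.stdin. The @group:rule id in the output maps to the numbered listing from ipfstat -in, which is the loaded rule set and not necessarily what the file currently says; a source host blocked on a specific port is the evidence you need to write a narrow pass rule instead of removing the default deny.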
These entries are not errors as such: they are the packets ipf blocked on lan1, namely DHCP client broadcasts from 0.0.0.0 port 68 to 255.255.255.255 port 67 (matched by rule @0:6) and an IGMP query to 224.0.0.1 (matched by rule @0:1). That is normal background noise on most LANs and is not the cross-LAN traffic itself; connection attempts from the other LAN would be logged with that client's real source address by the final "block in log all" rule if they reach the host. What the entries do confirm is that the IPFilter host firewall (ipf) is active and dropping inbound traffic, and its configuration is what was stopping the server from being reached from outside. The configuration lives under /etc/opt/ipf:
# cd /etc/opt/ipf
# pwd
/etc/opt/ipf
# ls -ltr
total 32
-rw-r--r-- 1 root sys 0 Jan 28 15:37 ipnat.conf
-rw-r--r-- 1 root sys 0 Jan 28 15:37 ipf6.conf
dr-xr-xr-x 2 bin bin 96 Jan 28 15:37 rpc.ipf
-rw-r--r-- 1 root sys 4875 Jan 28 16:49 ipf.conf.bkp
-rw------- 1 root root 3 Feb 11 18:10 ipmon.pid.bkp
-rw-r--r-- 1 root sys 4895 13:36 ipf.conf
Read ipf.conf carefully and take a backup of the configuration files before changing anything. This is the rule set as found on the server; all the pass rules were left as they are and only the final block rule at the end of the file was changed:
# cat ipf.conf
block in log quick all with ipopts
# These rules will allow connections initiated from
# this host along with the return connection
pass out quick proto icmp all keep state
pass out quick proto tcp all keep state
pass out quick proto udp all keep state
# End allow outgoing rules
####################################################
# These rules specifically do not log netbios udp or portmapper
# packets because these protocols tends to be very noisy on networks
block in quick proto udp from any to any port = netbios_ns
block in quick proto udp from any to any port = netbios_dgm
block in quick proto udp from any to any port = portmap
pass in quick proto tcp from any to any port = 2367 flags S keep state keep frags
pass in quick proto tcp from any to any port = 5308 flags S keep state keep frags
pass in quick proto udp from any to any port = tftp
pass in quick proto tcp from any to any port = 22 flags S keep state keep frags
pass in quick proto udp from any to any port = snmp-trap keep state
pass in quick proto tcp from any to any port = 1188 flags S keep state keep frags
pass in quick proto tcp from any to any port = 1110 flags S keep state keep frags
pass in quick proto icmp from any to any icmp-type 8
pass in quick proto tcp from any to any port = 5989 flags S keep state keep frags
pass in quick proto tcp from any to any port = hpidsagent flags S keep state keep frags
pass in quick proto udp from any to any port = domain keep state
pass in quick proto udp from any to any port = snmp keep state
pass in quick proto tcp from any to any port = hpidsadmin flags S keep state keep frags
pass in quick proto tcp from any to any port = domain flags S keep state keep frags
#
-----
The last rule of the file is the catch-all that blocks (and logs) every inbound packet not matched by an earlier pass rule. This is the line that was commented out:
#Block any incoming connections which were not explicitly allowed
#block in log all
#
Be clear about what this does. With the catch-all commented out, ipf no longer has a default deny for inbound traffic on this host: apart from the ipopts, netbios and portmap blocks near the top, every inbound packet is now passed, so the server is reachable from anywhere on any port the OS is listening on. It gets the server working, but it effectively switches the host firewall off for inbound traffic. The tighter fix is to keep this rule and add pass in rules above it for the specific source networks and ports that need to reach the server. Note also that the rule set above already passes ICMP echo requests and TCP port 22 from any source, so if even ping and ssh were failing from the other LAN, it is worth comparing the file with the rules actually loaded (ipfstat -io) before concluding that the catch-all alone was the cause.
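As an added example (not from the original post), here is how the end of ipf.conf could look if the default deny is kept and only the traffic that was found to be blocked is opened. The remote LAN 10.98.20.0/24 and the application port 7000 are assumed values for illustration; substitute the source network and ports that your own ipmon entries show being dropped.

```conf
# --- what the page's workaround does: catch-all disabled, inbound becomes default-allow ---
#block in log all

# --- alternative: keep the default deny and open only what is needed ---
# 10.98.20.0/24 and port 7000 are assumed values; take the real ones from the ipmon entries
pass in quick proto icmp from 10.98.20.0/24 to any icmp-type 8 keep state
pass in quick proto tcp from 10.98.20.0/24 to any port = 7000 flags S keep state keep frags
# Block (and log) every inbound connection that no rule above explicitly allowed
block in log all
```

The pass rules carry quick, so a matching packet is accepted at that point and never reaches the final block; anything else still falls through to "block in log all" and is logged by ipmon, which is how you find the next port that needs opening. Before loading, ipf -n -f /etc/opt/ipf/ipf.conf parses the file without touching the running filter and reports syntax errors.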
Now reload the rules. On this release ipfboot has no restart target (it only accepts start or stop), so stop it and start it again:
# /sbin/init.d/ipfboot restart
Usage: /sbin/init.d/ipfboot (start|stop)
# /sbin/init.d/ipfboot stop
# /sbin/init.d/ipfboot start
Set 0 now inactive
Set 0 now inactive
0 entries flushed from NAT table
0 entries flushed from NAT list
#
Keep in mind that between the stop and the start the host has no packet filtering at all. To reload the rule set without that window, flush and load it in place with ipf -Fa -f /etc/opt/ipf/ipf.conf; ipfstat -io then shows the rules that are actually active.
After this change the server could be pinged from outside and could be reached from the other LANs.
This resolved our issue, but it may not be the proper resolution or the root cause, so please read more about it, and if you find more, please add it here so this page can serve as a reference. :)
I may be wrong above; if so, please comment and correct or guide me.
Love Sharing
Amit Chopra