Re: AIX routing

From: John Jolet (john.jolet@FXFN.COM)
Date: Wed Apr 28 2004 - 11:27:50 EDT


This sounds like a networking problem external to the RS/6000. If you
have external users accessing the webserver NOT through the firewall,
don't you have a rather severe security problem? If traffic comes from,
say, 10.10.10.1, the networking gear in general should make the decision
which of the 3 interfaces to route it to. You might need to, in this
case, get the routing table updates from the routers. Are your routers
running RIP? What routing update protocol is your network gear using?

Mark Lamport wrote:

>One interface is a webserver, its registered address is the address at the
>firewall. At the server it is another address which is resolved locally.
>Any traffic that comes through the firewall into the
>server must go back through the firewall. The inside firewall is the
>default gateway. If a remote user tries to connect via the other 2
>interfaces, it does not work because the packet is routed through the
>firewall. If I add a static route for a user coming in the other interfaces,
>they work but they can't come in to the webserver via the firewall because
>their packets will be routed out the interface the static route was set up
>on. I agree, it appears all routing is done via destination address. I
>would like to route via destination and source or interface.
>
>AIX 5200-02
>
>----- Original Message -----
>From: "John Jolet" <john.jolet@FXFN.COM>
>Newsgroups: bit.listserv.aix-l
>To: <aix-l@Princeton.EDU>
>Sent: Wednesday, April 28, 2004 9:49 AM
>Subject: Re: AIX routing
>
>>What are you trying to accomplish? You can have only one default
>>route. ALL IP routing on ALL Unix variants and all routers is done by
>>destination IP address. What version of AIX?
>>
>>Mark Lamport wrote:
>>
>>>I have an RS/6000 with 3 interfaces, one of which is connected to a firewall.
>>>It appears all AIX routing is performed by destination IP address. Is there
>>>a way to perform routing by interface? I have tried the smit route but it
>>>appears only to add another entry in the routing table for the destination
>>>address.
>>>
>>>Thanks.
>>>
>>>Mark Lamport


