Re: AIX routing

From: Jason Grove (jason@SYSTEMS.WVU.EDU)
Date: Wed Apr 28 2004 - 20:39:02 EDT


Looks like you have an asymmetric routing problem. We have the same
problem. We have a 6H1 that is a web server and a Cisco SSL box in
front of it. The Cisco communicates over a private network to the 6H1,
but the 6H1 has a public address for ssh, etc. To solve it we set up the
Cisco box to NAT all the IPs that came in so that when they hit the 6H1,
they all appeared to come from the private network, so it sent the data
back to the private network on the Cisco box and then was reverse NATed
back to the end user. Works fine, just a very ugly setup. This is
probably the only way you can accomplish what you are wanting to do. If
your firewall does not have NAT ability, you could possibly set up an
Apache+Proxy box in between the firewall and IBM machine, then have the
firewall direct all queries to the Apache/proxy and then the
Apache/proxy will get the info and pass it back through. Since the
Apache box would be on your private network, the routing should not be a
problem.

jason

Mark Lamport wrote:

> One interface is a webserver, its registered address is the address at the
> firewall. At the server it is another address which is resolved locally.
> Any traffic that comes through the firewall into the
> server must go back through the firewall. The inside firewall is the
> default gateway. If a remote user tries to connect via the other 2
> interfaces, it does not work because the packet is routed through the
> firewall. If I add a static route for a user coming in the other interfaces,
> they work but they can't come in to the webserver via the firewall because
> their packets will be routed out the interface the static route was set up
> on. I agree, it appears all routing is done via destination address. I
> would like to route via destination and source or interface.
>
> AIX 5200-02
>
>
>
>
> ----- Original Message -----
> From: "John Jolet" <john.jolet@FXFN.COM>
> Newsgroups: bit.listserv.aix-l
> To: <aix-l@Princeton.EDU>
> Sent: Wednesday, April 28, 2004 9:49 AM
> Subject: Re: AIX routing
>
>
>
>>what are you trying to accomplish? you can have only one default
>>route. ALL ip routing on ALL unix variants and all routers is done by
>>destination ip address. what version of aix?
>>
>>Mark Lamport wrote:
>>
>>
>>>I have an RS/6000 with 3 interfaces, one of which is connected to a firewall.
>>>It appears all AIX routing is performed by destination ip address. Is there
>>>a way to perform routing by interface? I have tried the smit route but
>>>appears only to add another entry in the routing table for the destination
>>>address.
>>>
>>>thanks.
>>>
>>>Mark Lamport
>>>
>>>
>>
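
Added example, not part of the original thread: a small Python model of the destination-only route lookup discussed above, showing why the default-gateway and static-route setups each break one path and why source NAT at the firewall makes both work. The addresses, the interface names en0/en1 and the rule that a connection works only when the reply leaves on the interface the request arrived on are assumptions made for illustration.

```python
import ipaddress

def egress(table, dst):
    """Destination-only longest-prefix match, as the thread describes for AIX."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), ifc) for net, ifc in table
            if addr in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def symmetric(table, ingress_if, src_seen_by_server):
    """True when the reply leaves on the interface the request arrived on."""
    return egress(table, src_seen_by_server) == ingress_if

# Constructed addressing (documentation ranges), not taken from the thread.
CLIENT = "203.0.113.50"     # remote user
FW_INSIDE = "10.1.1.1"      # firewall inside address, used as the NAT source
BASE = [("0.0.0.0/0", "en0"),         # default gateway = inside firewall
        ("10.1.1.0/24", "en0"),       # connected: firewall segment
        ("198.51.100.0/24", "en1")]   # connected: second interface
WITH_STATIC = BASE + [(CLIENT + "/32", "en1")]  # static route for that user

def scenarios():
    """Each entry: does the reply go back the way the request came in?"""
    return {
        "default only, via firewall": symmetric(BASE, "en0", CLIENT),
        "default only, via en1": symmetric(BASE, "en1", CLIENT),
        "static route, via en1": symmetric(WITH_STATIC, "en1", CLIENT),
        "static route, via firewall": symmetric(WITH_STATIC, "en0", CLIENT),
        # Firewall rewrites the source, so the server sees FW_INSIDE instead.
        "static route, via firewall + source NAT":
            symmetric(WITH_STATIC, "en0", FW_INSIDE),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:42} {'symmetric' if ok else 'ASYMMETRIC'}")
```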



This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:17:52 EDT