How to enable "strict multihoming" on AIX?
From: Steve Greenland (steveg_at_molehole.dyndns.org)
Date: 10/31/03
- Next message: sp: "find who deleted directories"
- Previous message: Mike: "change nim master to nim client?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: 31 Oct 2003 15:08:53 GMT
It seems that AIX (4.3.3, 5.1) allows connections to all the addresses
on a given host via any of the interfaces. For example, I can (ping,
connect to) address 192.168.0.7 on en1 from a different subnet connected
to en0 on, say, 192.168.15.1. (Assuming routing on the client is set
to appropriately, of course.) Sometimes this is how you want things to
work, but not necessarily.
On Solaris, you can prevent this by enabling 'strict_multihoming'.
Linux provides the rp_filter parameter to accomplish a similar (but not
identical) effect. Looking at the 'no' manpage and searching the web
have not produced a similar parameter for AIX; I've tried to several of
the 'no' settings that seemed like they might work (either directly or
by side effect), but no luck. Am I just missing it?
No, disabling IP forwarding does not stop this: it prevents going
*through* the multi-homed host, but not to arbitrary addresses *on* the
host.
BTW, I have figured how to accomplish it via the packet filter (genfilt
et. al.), but it seems like overkill for a fairly simple problem.
Thanks,
Steve
--
Steve Greenland
The irony is that Bill Gates claims to be making a stable operating
system and Linus Torvalds claims to be trying to take over the
world. -- seen on the net
- Next message: sp: "find who deleted directories"
- Previous message: Mike: "change nim master to nim client?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
