Firewall in HP-UX

In most datacenters it is very uncommon to run a firewall directly on the server. On HP-UX, however, it is enabled by default. To check the status of the firewall:

# ipfstat
dropped packets:        in 0    out 0
non-data packets:       in 0    out 0
no-data packets:        in 0    out 0
non-ip packets:         in 0    out 0
bad packets:         in 0    out 0
copied messages:        in 0    out 0
input packets:         blocked 0 passed 0 nomatch 0 counted 0 short 0
output packets:         blocked 0 passed 0 nomatch 0 counted 0 short 0
input packets logged:  blocked 0 passed 0
output packets logged:  blocked 0 passed 0
packets logged:        input 0 output 0
log failures:          input 0 output 0
fragment state(in):     kept 0  lost 0
fragment state(out):    kept 0  lost 0
packet state(in):       kept 0  lost 0
packet state(out):      kept 0  lost 0
TCP connections:        in 0 out        0
ICMP replies:   0       TCP RSTs sent:  0
Invalid source(in):     0
Result cache hits(in):  0       (out):  0
IN Pullups succeeded:   0       failed: 0
OUT Pullups succeeded:  0       failed: 0
Fastroute successes:    0       failures:       0
TCP cksum fails(in):    0       (out):  0
Packet log flags set: (0)
none
#

As you can see, there is nothing interesting in that output. This could be because we don’t have any active firewall rules. To list the rules:

# ipftest
no rule file present
#
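
An added example, not part of the original post: a POSIX shell helper that reads `ipfstat` output and reduces the two packet-counter lines to a one-line verdict, so an all-zero result like the one above can be told apart from a filter that is dropping traffic. The names `ipf_summary`, `sample_idle` and `sample_blocking` are hypothetical, and the second sample's counters are constructed.

```shell
#!/bin/sh
# Added example: summarise the packet counters printed by ipfstat.
# ipf_summary is a hypothetical helper; it reads ipfstat output on stdin.

ipf_summary() {
    awk '
        # Lines look like: "input packets:  blocked 0 passed 0 nomatch 0 ..."
        # ("input packets logged:" does not match and is skipped.)
        /^(input|output) packets:/ {
            for (i = 3; i < NF; i += 2) c[$1 "_" $i] = $(i + 1)
            seen++
        }
        END {
            # Anything else (for example an error message) is not a summary.
            if (seen != 2) { print "unparsed"; exit 1 }
            blocked = c["input_blocked"] + c["output_blocked"]
            passed  = c["input_passed"]  + c["output_passed"]
            if (blocked > 0)      verdict = "blocking"
            else if (passed > 0)  verdict = "passing-only"
            else                  verdict = "idle"
            printf "%s in_blocked=%d in_passed=%d out_blocked=%d out_passed=%d\n",
                verdict, c["input_blocked"], c["input_passed"],
                c["output_blocked"], c["output_passed"]
        }'
}

# Constructed sample: the all-zero counter lines shown in the post.
sample_idle() {
    cat <<'EOF'
input packets:         blocked 0 passed 0 nomatch 0 counted 0 short 0
output packets:         blocked 0 passed 0 nomatch 0 counted 0 short 0
input packets logged:  blocked 0 passed 0
EOF
}

# Constructed sample: counters as they might look once rules drop traffic.
sample_blocking() {
    cat <<'EOF'
input packets:         blocked 12 passed 340 nomatch 5 counted 0 short 0
output packets:         blocked 0 passed 298 nomatch 3 counted 0 short 0
EOF
}

sample_idle | ipf_summary
sample_blocking | ipf_summary
```

On a live host, run `/opt/ipf/bin/ipfstat | ipf_summary` as root. To see the loaded rules themselves, `ipfstat -io` prints the active inbound and outbound rule lists.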

7 Comments

  1. rustam
    Posted 03/12/2010 at 07:17 | Permalink

    I ran ipfstat as root and got this message:
    # cd /opt/ipf/bin/
    # ipfstat
    open: No such file or directory

    By the way, I’m from the ITRC forum (rustam, http://forums13.itrc.hp.com/service/forums/questionanswer.do?admit=109447627+1291352016802+28353475&threadId=1392052 ), the one who can’t open and close ports. I typed some messages in the forum but they were deleted. I don’t know why. Could you help me?

  2. Posted 03/12/2010 at 13:54 | Permalink

    Hi Rustam,

    I don’t know if the current directory is in your path, so you could maybe try it with the full path:

    # ll /opt/ipf/bin/ipfstat
    # file /opt/ipf/bin/ipfstat
    # /opt/ipf/bin/ipfstat

    Let’s see if it helps.

    Regards,
    Viktor

  3. rustam
    Posted 03/12/2010 at 14:37 | Permalink

    Hi Viktor,
    I ran ipfstat as another user and got an error – permission denied.
    Then I switched to root and ran it again, and again got an error:
    # /opt/ipf/bin/ipfstat
    open: No such file or directory
    I see this file in /bin
    # cd /opt/ipf/bin
    # ls
    ipf ipfs ipftest ipnat ipscan ipsyncm mkfilters
    ipfilter ipfstat ipmon ipresend ipsend ipsyncs

    I am just eager to install Oracle EM on my HP-UX server.

    Regards,
    Rustam

  4. Posted 03/12/2010 at 14:59 | Permalink

    Hi,

    What does ipftest say? Please provide a long listing of /opt/ipf/bin --> # ll /opt/ipf/bin

    Regards,
    Viktor

  5. rustam
    Posted 06/12/2010 at 11:48 | Permalink

    Hi Viktor,
    ipftest says
    # ipftest
    no rule file present

    and this command ll returns:
    # ll /opt/ipf/bin
    total 2800
    -r-xr--r-- 1 bin bin 177480 Oct 4 2007 ipf
    -r-xr--r-- 1 bin bin 4115 Aug 20 2007 ipfilter
    -r-xr--r-- 1 bin bin 72552 Oct 4 2007 ipfs
    -r-xr--r-- 1 bin bin 164032 Oct 4 2007 ipfstat
    -r-xr--r-- 1 bin bin 334984 Oct 4 2007 ipftest
    -r-xr--r-- 1 bin bin 75888 Oct 4 2007 ipmon
    -r-xr--r-- 1 bin bin 157712 Oct 4 2007 ipnat
    -r-xr--r-- 1 bin bin 82904 Oct 4 2007 ipresend
    -r-xr--r-- 1 bin bin 80472 Oct 4 2007 ipscan
    -r-xr--r-- 1 bin bin 86992 Oct 4 2007 ipsend
    -r-xr--r-- 1 bin bin 71520 Oct 4 2007 ipsyncm
    -r-xr--r-- 1 bin bin 71488 Oct 4 2007 ipsyncs
    -r-xr--r-- 1 bin bin 3193 Jan 31 2007 mkfilters

    Regards,
    Rustam

  6. Posted 06/12/2010 at 17:25 | Permalink

    Hi rustam,

    The output of ipftest “no rule file present” means that you don’t have any active firewall rules, in other words: the firewall on the host isn’t blocking anything. Maybe you could check the install logs of Oracle and get a clue why EM just doesn’t work. If the application which should listen on the named ports. Also check the file $ORACLE_HOME/install/portlist.ini; it may be that a custom port was set there.

    Regards,
    Viktor

  7. rustam
    Posted 07/12/2010 at 06:12 | Permalink

    Hi Viktor,
    I get now what ipftest means. If there are no firewall rules then the problem has to be with the Oracle software, right? I also found other information in the log file:

    CONFIG: Error reading file /u01/app/oracle/product/10.2.0/db_1/install/staticports.ini
    Nov 25, 2010 3:35:33 PM oracle.sysman.emcp.EMConfig perform
    SEVERE: Failed to allocate port(s) in the specified range(s) for the following process(es): JMS [5540-5559],RMI [5520-5539],Database Control [5500-5519],EM Agent [3938] | [1830-1849]
    Refer to the log file at /u01/app/oracle/product/10.2.0/db_1/cfgtoollogs/dbca/prod/emConfig.log for more details.

    I checked ORACLE_HOME/install/ and didn’t find the file staticports.ini. Why don’t I have this file, do you have any idea?
    I also checked file portlist.ini and there are 2 values:
    iSQL*Plus HTTP port number =5560
    iSQL*Plus HTTP port number =5560

    Should I add some values in portlist.ini, and do I have to create a new file staticports.ini?

    Regards,
    Rustam
