AIX/HP-UX Interoperability Guide (continued)


9. Configuring TCP/IP

9.1 AIX

AIX supports a number of different networking technologies, including Ethernet, Token-ring, and Fiber Distributed Data Interface (FDDI). For purposes of this discussion we will assume Ethernet, since its use is so widespread. You must have the bosnet.tcpip.obj software installed in order to configure TCP/IP.

On most UNIX systems you configure TCP/IP with commands such as ifconfig and route, and then make your configuration permanent by editing startup files. You can do this with AIX, but since TCP/IP configuration is part of the ODM database, it is best to use SMIT to do all your configuration.

Basic TCP/IP Configuration

  1. Start SMIT:

    # smit mktcpip

  2. On the Available Network Interfaces screen, select the appropriate interface. Upon bootup cfgmgr recognizes the network card and configures it into the ODM database.
  3. On the Minimum Configuration & Startup menu, fill in, as a minimum, the HOSTNAME and Internet ADDRESS fields. Also specify whether you want to start TCP/IP now or at bootup in the START Now field.
  4. Additional parameters that can be configured with this screen are network mask, name service, gateway, and cable types. If you leave the Network MASK field blank, AIX will provide you with a default value based upon the class of the system's IP address. For the CABLE Type field, bnc specifies thin cable and dix specifies thick; for other types, choose N/A.

Example


Minimum Configuration & Startup

To Delete existing configuration data, please use Further Configuration menus


Type or select values in entry fields.
Press Enter AFTER making all desired changes.

                                                        [Entry Fields]
* HOSTNAME                                           [a2410bjv]
* Internet ADDRESS (dotted decimal)                  [15.24.48.58]
  Network MASK (dotted decimal)                      [255.255.248.0]
* Network INTERFACE                                   en0
  NAMESERVER
           Internet ADDRESS (dotted decimal)         [15.41.144.101]
           DOMAIN Name                               [nsr.hp.com]
  Default GATEWAY Address                            [15.24.55.253]
  (dotted decimal or symbolic name)
  Your CABLE Type                                     N/A              +
  START Now                                           no               +

Setting the Hostname

To set or reset your host's name,

  1. Start SMIT:

    # smit hostname

  2. Choose the Set the Hostname menu item.
  3. Fill in the new hostname in the HOSTNAME field.

Adding a Route

  1. Start SMIT:

    # smit mkroute

  2. Fill in the values for DESTINATION Address and Default GATEWAY Address. For Destination Type you have a choice between net and host. AIX provides a default value of 1 for the METRIC field.


Add Static Route

Type or select values in entry fields.
Press Enter AFTER making all desired changes.
                                                        [Entry Fields]
  Destination TYPE                                    net              +
* DESTINATION Address                                []
  (dotted decimal or symbolic name)
* Default GATEWAY Address                            []
  (dotted decimal or symbolic name)
* METRIC (number of hops to destination gateway)     [1]               #

Removing a Route

Removing a route in SMIT looks much the same as adding a route. Just type in the following and fill in the appropriate values:

# smit rmroute

Flushing the Routing Table

To flush the routing table,

  1. Start SMIT:

    # smit fshrttbl

  2. This produces the following:


    Flush Routing Table

    Type or select values in entry fields.
    Press Enter AFTER making all desired changes.
    
                                                            [Entry Fields]
      Flush Routing Table in the Current Running System   yes              +
      Flush Routing Table in the Configuration Data Base  no               +
       (effective in the next system restart)
    

If you want to flush the routing table temporarily but keep the routing information in the database, accept the defaults. If you want to clear the ODM of routing information, select yes for Flush Routing Table in the Configuration Data Base.

Changing Network Card Configuration

To alter the configuration of a network card, do the following:

  1. Start SMIT:

    # smit chinet

  2. Select the appropriate interface in the Available Network Interfaces menu.
  3. Make the appropriate changes as needed. If you leave the BROADCAST ADDRESS field blank, AIX will provide a default based on the subnet mask.

Example


Change / Show a Standard Ethernet Interface

Type or select values in entry fields.
Press Enter AFTER making all desired changes.

                                                        [Entry Fields]
  Network Interface Name                              en0
  INTERNET ADDRESS (dotted decimal)                  [15.24.48.58]
  Network MASK (hexadecimal or dotted decimal)       [255.255.248.0]
  Current STATE                                       up               +
  Use Address Resolution Protocol (ARP)?              yes              +
  BROADCAST ADDRESS (dotted decimal)                 []

Removing Network Card Configuration

There is no SMIT fastpath option for removing an interface. Instead,

  1. Start SMIT:

    # smit inet

  2. Select the Remove a Network Interface option.
  3. Select the appropriate interface.

CAUTION: SMIT removes the interface without prompting!

Managing Name Servers

To edit /etc/resolv.conf:

  1. Start SMIT:

    # smit resolv.conf

  2. This produces the following:


    Domain Nameserver (/etc/resolv.conf)

    Move cursor to desired item and press Enter.
    
      Start Using the Nameserver
      List All Nameservers
      Add a Nameserver
      Remove a Nameserver
      Stop Using a Nameserver
      -------------------------------
      Set / Show the Domain
      Remove the Domain
    

Use this as a means to edit the /etc/resolv.conf file or use a text editor to do so.

Adding Entries to /etc/hosts

  1. Start SMIT:

    # smit hostent

  2. This produces the following:


    Hosts Table (/etc/hosts)

    Move cursor to desired item and press Enter.
    
      List All Hosts
      Add a Host
      Change / Show Characteristics of a Host
      Remove a Host

Use this as a means to edit the /etc/hosts file or use a text editor to do so.

Editing /etc/inetd.conf

To edit /etc/inetd.conf and ensure the ODM database is updated:

  1. Start SMIT:

    # smit inetdconf

  2. This produces the following:


    inetd Subservers

    Move cursor to desired item and press Enter.
    
      List All inetd Subservers
      Add an inetd Subserver
      Change / Show Characteristics of an inetd Subserver
      Remove an inetd Subserver
    

Use the menu selections to add or remove entries to the /etc/inetd.conf and update the ODM. If, however, you edit /etc/inetd.conf with a text editor you must use the inetimp command to update the new information in the InetServ object class in the ODM.

Editing the /etc/services File

You can use SMIT to edit /etc/services and at the same time ensure that the ODM database is updated.

  1. Start SMIT:

    # smit inetserv

  2. This produces the following:


    Services (/etc/services)

    Move cursor to desired item and press Enter.
    
      List All Services
      Add a Service
      Change / Show Characteristics of a Service
      Remove a Service
    

Follow the menus to make the changes you desire. As with the /etc/inetd.conf file, you must use inetimp to update the ODM after using a text editor to change the /etc/services file.

Editing /etc/hosts.equiv

To create entries in or modify /etc/hosts.equiv using SMIT:

  1. Start SMIT:

    # smit hostsequiv

  2. This produces the following:


    Host Access (/etc/host.equiv)

    Move cursor to desired item and press Enter.
    
      List All Remote Hosts
      Add a Remote Host
      Remove a Remote Host
    

Follow the menus to make the changes you desire.

Editing /etc/ftpusers

To edit /etc/ftpusers:

  1. Start SMIT:

    # smit ftpusers

  2. This produces the following:


    Restrict File Transfer Program Users (/etc/ftpusers)

    Move cursor to desired item and press Enter.
    
      Show All Restricted Users
      Add a Restricted User
      Remove a Restricted User
    

Managing Other Services

  1. Start SMIT:

    # smit otherserv

  2. This produces the following:


    Other Available Services

    Move cursor to desired item and press Enter.
    
      Super Daemon (inetd)
      syslogd Subsystem
      routed Subsystem
      gated Subsystem
      named Subsystem
      rwhod Subsystem
      timed Subsystem
      portmap Subsystem (information only)
    

Using BSD Style rc Configuration

The AIX style of TCP configuration is to use the ODM configuration information. Upon bootup the /etc/rc.net file runs methods to configure the network card and set the hostname, default gateway, and routes based upon the ODM database. If you would prefer not to use the ODM to do this, you can elect to have a BSD style of TCP configuration. BSD style uses the ifconfig command and reads /etc/rc.bsdnet to configure the network card. To elect BSD style,

  1. Start SMIT:

    # smit setbootup_option

  2. Choose yes and press enter at the following screen:


    Select BSD style rc Configuration

    Please answer yes if you want BSD style rc configuration.
    The default is no.
    
    Default style configuration uses the data in the ODM database and
    uses the file /etc/rc.net to define, load, and configure a corresponding
    interface.
    
    BSD style configuration uses the traditional ifconfig command and it uses
    the file /etc/rc.bsdnet to configure the corresponding interface.
    
    
    Type or select values in entry fields.
    Press Enter AFTER making all desired changes.
    
                                                            [Entry Fields]
      Use BSD Style rc Configuration                        no             +
    

A caveat about the above procedure: after selecting yes you will not have System Resource Controller (SRC) support. In other words, you can't use commands like refresh -s inetd. If you want flat file configuration and SRC support, uncomment the commands in /etc/rc.net under the heading Traditional Configuration. Below is that section in commented form:

##################################################################
# Part II - Traditional Configuration.
##################################################################
# An alternative method for bringing up all the default interfaces
# is to specify explicitly which interfaces to configure using the
# ifconfig command.  Ifconfig requires the configuration information
# be specified on the command line.  Ifconfig will not update the
# information kept in the ODM configuration database.
#
# Valid network interfaces are:
# lo=local loopback, en=standard ethernet, et=802.3 ethernet
# sl=serial line IP, tr=802.5 token ring, xt=X.25
#
# e.g., en0 denotes standard ethernet network interface, unit zero.
#
# Below are examples of how you could bring up each interface using
# ifconfig.  Since you can specify either a hostname or a dotted
# decimal address to set the interface address, it is convenient to
# set the hostname at this point and use it for the address of
# an interface, as shown below:
#
#/bin/hostname robo.austin.ibm.com      >>$LOGFILE 2>&1
#
# (Remember that if you have more than one interface,
# you'll want to have a different IP address for each one.
# Below, xx.xx.xx.xx stands for the internet address for the
# given interface).
#
#/usr/sbin/ifconfig lo0 inet loopback    up >>$LOGFILE 2>&1
#/usr/sbin/ifconfig en0 inet `hostname`  up >>$LOGFILE 2>&1
#/usr/sbin/ifconfig et0 inet xx.xx.xx.xx  up >>$LOGFILE 2>&1
#/usr/sbin/ifconfig tr0 inet xx.xx.xx.xx  up >>$LOGFILE 2>&1
#/usr/sbin/ifconfig sl0 inet xx.xx.xx.xx  up >>$LOGFILE 2>&1
#/usr/sbin/ifconfig xt0 inet xx.xx.xx.xx  up >>$LOGFILE 2>&1
#
#
# Now we set any static routes.
#
# /usr/sbin/route add 0 gateway                 >>$LOGFILE 2>&1
# /usr/sbin/route add 192.9.201.0 gateway       >>$LOGFILE 2>&1

9.2 HP-UX

Using SAM to Edit /etc/hosts

Note the following information before you begin:

The following steps tell how to use SAM to automatically add entries to /etc/hosts:

  1. Start SAM.
  2. Select the Networking/Communications menu item.
  3. Select the Remote System Connectivity menu item.
  4. Select the Internet Connectivity menu item.
  5. Select the Add action.
  6. Fill in the form according to its instructions. View the help screens for information about filling in the form.
  7. Select apply to enter additional names of systems to be configured (use apply as a shortcut to remain in the add screen). Then, press OK when you are done with the screen.
  8. Repeat steps 4 through 7 to add connectivity to more remote systems.
  9. Exit the Internet Connectivity screen by selecting Exit from the List menu. From the Remote System Connectivity screen, select Exit SAM to exit from SAM.

Specifying a New Default Gateway

To replace the current default gateway (if there is one), select the Modify Default Gateway Action from the Internet Connectivity menu (under the Remote System Connectivity area).

Deleting the Default Gateway

If you want to delete the default gateway that you added with SAM's Specify the Default Gateway form, you must do it manually with the following:

Enter the following command at the HP-UX prompt:

/etc/route delete default gateway_hostname

Edit the /etc/netlinkrc file to remove the corresponding /etc/route add default entry for the gateway.

Editing /etc/inetd.conf

You can modify /etc/inetd.conf if you have special requirements, but it is properly configured when you receive it with the LAN product.

Anytime inetd is started up, it reads the /etc/inetd.conf file. If you modify the /etc/inetd.conf entry for a service, use the inetd -c command to reconfigure inetd while it is still running.

The /etc/inetd.conf file contains an entry for each ARPA server started by inetd on your host, with the exception of rcp, whose server is remshd. sendmail, named, and gated provide their own daemons, and their servers are not started by inetd.

Editing /usr/adm/inetd.sec

The /usr/adm/inetd.sec file is a security file used by the daemon inetd. The /usr/adm/inetd.sec file provides an extra security layer beyond any security check done by the services. It allows the node manager to determine how many remote services can run simultaneously on the local host and which hosts or networks are allowed to remotely use the local host. This check is done before the service's security check. The inetd daemon reads the /usr/adm/inetd.sec file and checks the address of any host requesting a service. The inetd daemon only allows the requesting host to access a particular service if it is not forbidden by /usr/adm/inetd.sec.

NOTE: If inetd is running, it rereads /usr/adm/inetd.sec when you make changes to it. Your changes are applied to any services started up after the file is reread, but not to any services currently running.

Setting the Maximum Number of Remote Connections

If you choose to put a limit on the number of services that can be used remotely at any one time, use the following entry in the first line of /usr/adm/inetd.sec:

MAXNUM number

where number is the maximum number of simultaneous remote services allowed.

If MAXNUM is declared, it must be the first line of data in the file. MAXNUM default is 1000.
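
The MAXNUM placement rule can be checked before inetd rereads the file. The following lint is an added example, not part of the original guide; the function name check_maxnum is hypothetical, '#' comment lines are assumed to be ignored, and the service entry in the constructed sample follows the "service allow|deny host" form of the HP-UX inetd.sec(4) manual page, which this guide does not show.

```shell
#!/bin/sh
# Added example: lint /usr/adm/inetd.sec for the MAXNUM rules described above.
# Usage: check_maxnum /usr/adm/inetd.sec   (reads stdin when no file is given)
# Prints one finding per line and returns 1, or prints an OK line and returns 0.
check_maxnum() {
    awk '
        # Assumption: comment lines and blank lines are not "lines of data".
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        { data++ }
        $1 != "MAXNUM" { next }
        { seen = 1 }
        data != 1 {
            print "line " NR ": MAXNUM is not the first line of data"
            bad++
        }
        NF != 2 || $2 !~ /^[0-9]+$/ {
            print "line " NR ": MAXNUM needs exactly one numeric value"
            bad++
            next
        }
        { value = $2 }
        END {
            if (bad) exit 1
            if (seen) print "OK: MAXNUM " value
            else      print "OK: MAXNUM not declared, default 1000 applies"
        }
    ' "$@"
}

# Constructed sample: MAXNUM follows a service entry, so it is misplaced.
SAMPLE_BAD='# constructed sample
login allow 15.24.48.58
MAXNUM 50'

printf '%s\n' "$SAMPLE_BAD" | check_maxnum ||
    echo "fix /usr/adm/inetd.sec before relying on the MAXNUM limit"
```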

Allowing and Denying Nodes Access to Services

You can allow and deny remote systems access to local ARPA Services by using SAM or by manually editing the /usr/adm/inetd.sec file.

Using SAM to Edit /usr/adm/inetd.sec

SAM does not allow you to set the maximum number of connections by which remote users access local services. If you want to set this number, edit /usr/adm/inetd.sec manually.

The following steps tell how to use SAM to allow or deny remote systems access to local ARPA Services:

  1. Start SAM.
  2. Select the Networking/Communications menu item.
  3. Select the Security menu item.
  4. Select the Internet Service menu item.
  5. To modify a single service, highlight it, and then select the Modify action item. Alternatively, you can choose the Modify All Services action to change security for all services.
  6. Fill in the form according to its instructions. View the help screens for information about filling in the form.
  7. Select apply to enter additional names of systems to be configured (use apply as a shortcut to remain in the add screen). Then, press OK when you are done with the screen.
  8. Repeat steps 5 through 7 to allow or deny remote systems access to other local ARPA Services.
  9. Exit the Internet Service screen by selecting exit from the List menu. From the Security screen, select Exit SAM to exit from SAM.

Creating /etc/ftpusers

The /etc/ftpusers file is a security file for ftpd. You must create this file if you want to use it. ftpd checks locally for this file before allowing a remote login to the local host. If the remote user specifies an account on the local host that is listed in /etc/ftpusers, the remote connection is denied.

Using SAM to Create /etc/ftpusers

You can use SAM to create /etc/ftpusers or you can manually create and edit this file.

  1. Start SAM.
  2. Select the Networking/Communications menu item.
  3. Select the Security menu item.
  4. Select the Internet Service menu item.
  5. Select the ftp service and choose the Modify action. Highlight the "Select Denied Users" item and fill in the list of users you wish to deny access to the ftp service. Select Add to add each user to the list.
  6. Select OK when you are done with the screen.
  7. Exit the Internet Security screen by selecting exit from the List menu. From the Security screen, select Exit SAM to exit from SAM.

Creating /etc/hosts.equiv

If you have already manually configured an /etc/hosts.equiv file with entries other than those of the form hostname or hostname username, do not use SAM to configure /etc/hosts.equiv. SAM does not recognize, display, or add entries of other forms (such as +, -, %, or +@example_nfsnetgroup).

  1. Start SAM
  2. Select the Networking/Communications menu item.
  3. Select the Security menu item.
  4. Select the Remote Login menu item.
  5. Select the Add action.
  6. Fill in the form according to its instructions. View the help screens for information about filling in the form.
  7. Select apply to enter additional names of systems to be configured (use apply as a shortcut to remain in the add screen). Then, press OK when you are done with the screen.
  8. Repeat steps 5 through 7 to allow or deny remote systems' easy access (via rcp, remsh, or rlogin) to the local system.
  9. Exit the Remote Login screen by selecting exit from the List menu. From the Security screen, select Exit SAM to exit from SAM.

Creating a .rhosts File for the Local Superuser Account

You can use SAM to create a $HOME/.rhosts file for the local superuser account only. (You cannot create $HOME/.rhosts files for local non-superuser accounts with SAM.)

If you have already manually configured a $HOME/.rhosts file using entries other than the forms hostname or hostname username, do not use SAM to configure $HOME/.rhosts. SAM does not recognize, display, or add entries of other forms (such as +, -, %, or +@example_nfsnetgroup).

The following steps tell how to use SAM to let a remote system's user(s) become superuser on your local host without having to enter a password:

  1. Start SAM.
  2. Select the Networking/Communications menu item.
  3. Select the Security menu item.
  4. Select the Remote Login menu item.
  5. Select the Add action.
  6. Fill in the form according to its instructions. View the help screens for information about filling in the form.
  7. Select apply to enter additional names of systems to be configured (use apply as a shortcut to remain in the add screen). Then, press OK when you are done with the screen.
  8. Exit the Remote Login screen by selecting exit from the List menu.
  9. From the Security screen, select Exit SAM to exit from SAM.
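
Because SAM shows only the hostname and hostname username forms, its display of /etc/hosts.equiv or the superuser's $HOME/.rhosts can be incomplete. The following audit is an added example, not part of the original guide: it classifies every entry so that the forms SAM does not display, and any bare + wildcard, are visible before you rely on SAM. The function name classify_trust_entries and the sample entries are hypothetical, and '#' lines are assumed to be comments.

```shell
#!/bin/sh
# Added example: classify entries in /etc/hosts.equiv or $HOME/.rhosts.
#   SAM      - "hostname" or "hostname username", the forms SAM manages
#   OTHER    - forms SAM does not recognize or display (-, %, +@netgroup, ...)
#   WILDCARD - a bare "+" in the host or user field, which matches any
#              host or any user
# Usage: classify_trust_entries /etc/hosts.equiv   (stdin when no file given)
# Returns 1 when at least one entry is not in a form SAM manages.
classify_trust_entries() {
    awk '
        # Assumption: comment lines and blank lines carry no trust entry.
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            cls = "SAM"
            if (NF > 2) cls = "OTHER"          # more than host and user
            for (i = 1; i <= NF && i <= 2; i++) {
                if ($i == "+") { cls = "WILDCARD"; break }
                if ($i ~ /^[-+%]/) cls = "OTHER"
            }
            if (cls != "SAM") hidden++
            print NR ": " cls ": " $0
        }
        END { exit (hidden > 0) }
    ' "$@"
}

# Constructed sample entries (hypothetical host and user names).
SAMPLE_TRUST='# constructed sample entries
hpsys1
hpsys2 alan
+@example_nfsnetgroup
-hpsys3
+ root'

printf '%s\n' "$SAMPLE_TRUST" | classify_trust_entries ||
    echo "entries present that SAM will not display; review the file by hand"
```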

Networking Startup Files

The /etc/rc script is executed when your system boots. It calls the /etc/src.sh file to set the hostname of your system. The /etc/rc script calls the /etc/netlinkrc script which initializes your networking. If you configure networking manually, this is the script to modify. The following are included in /etc/netlinkrc:

/etc/nettl, the logging daemon

/etc/ifconfig

/etc/lanconfig

/etc/route

/bin/nodename

/etc/rlbdaemon, the remote loop back daemon

/etc/syslogd

/etc/netnfsrc, the script that starts NFS

/etc/inetd

/etc/netbsdrc, the script that starts ARPA/BSD networking services

/etc/netnfsrc2, which makes NFS mounts and starts automounter

/etc/netnssrc, which starts NS services

9.3 Summary

TCP/IP is a standard product, but configuring it differs considerably in AIX and HP-UX. Like so many items in AIX, networking configuration by default is part of the ODM configuration database. Therefore changes to networking files such as /etc/inetd.conf and /etc/services require the inetimp command to update the ODM. It is easier, however, to use SMIT to configure TCP/IP because doing so ensures that the ODM is brought up to date automatically. You do have the option in AIX to configure TCP/IP using the traditional commands ifconfig and route, and to make your changes permanent by either editing the /etc/rc.net file, in which case you retain SRC support, or editing /etc/rc.bsdnet, entailing no SRC support.

HP-UX has a traditional means of configuring TCP/IP. However, using SAM can make the process a lot easier. HP-UX also has a /usr/adm/inetd.sec file, which AIX does not, that adds an extra layer of security for TCP/IP.




Provide feedback to: alan_roberts@hp.com

(Updated 09 MAR 97)
Copyright 1996 Hewlett-Packard Company. All rights reserved.