AIX/HP-UX Interoperability Guide (continued)
AIX supports a number of different networking technologies, including Ethernet, Token-ring, and Fiber Distributed Data Interface (FDDI). For purposes of this discussion we will assume Ethernet, since its use is so widespread. You must have the bosnet.tcpip.obj software installed in order to configure TCP/IP.
On most UNIX systems you configure TCP/IP with commands such as ifconfig and route, and then make your configuration permanent by editing startup files. You can do this with AIX, but since TCP/IP configuration is part of the ODM database, it is best to use SMIT to do all your configuration.
Minimum Configuration & Startup
To Delete existing configuration data, please use Further Configuration menus

Type or select values in entry fields.
Press Enter AFTER making all desired changes.

                                                  [Entry Fields]
* HOSTNAME                                        [a2410bjv]
* Internet ADDRESS (dotted decimal)               [15.24.48.58]
  Network MASK (dotted decimal)                   [255.255.248.0]
* Network INTERFACE                                en0
  NAMESERVER
      Internet ADDRESS (dotted decimal)           [15.41.144.101]
      DOMAIN Name                                 [nsr.hp.com]
  Default GATEWAY Address                         [15.24.55.253]
  (dotted decimal or symbolic name)
  Your CABLE Type                                  N/A      +
  START Now                                        no       +
To set or reset your host's name,
Add Static Route
Type or select values in entry fields.
Press Enter AFTER making all desired changes.

                                                  [Entry Fields]
  Destination TYPE                                 net      +
* DESTINATION Address                             []
  (dotted decimal or symbolic name)
* Default GATEWAY Address                         []
  (dotted decimal or symbolic name)
* METRIC (number of hops to destination gateway)  [1]       #

Removing a route in SMIT looks much the same as adding a route. Just type in the following and fill in the appropriate values:
To flush the routing table,
Flush Routing Table
Type or select values in entry fields.
Press Enter AFTER making all desired changes.

                                                        [Entry Fields]
  Flush Routing Table in the Current Running System      yes      +
  Flush Routing Table in the Configuration Data Base     no       +
  (effective in the next system restart)
If you want to flush the routing table temporarily but keep the routing information in the database, accept the defaults. If you want to clear the ODM of routing information, select yes for Flush Routing Table in the Configuration Data Base.
To alter the configuration of a network card, do the following:
Change / Show a Standard Ethernet Interface
Type or select values in entry fields.
Press Enter AFTER making all desired changes.

                                                  [Entry Fields]
  Network Interface Name                           en0
  INTERNET ADDRESS (dotted decimal)               [15.24.48.58]
  Network MASK (hexadecimal or dotted decimal)    [255.255.248.0]
  Current STATE                                    up       +
  Use Address Resolution Protocol (ARP)?           yes      +
  BROADCAST ADDRESS (dotted decimal)              []

There is no SMIT fastpath option for removing an interface. Instead,
CAUTION: SMIT removes the interface without prompting!
To edit /etc/resolv.conf:
Domain Nameserver (/etc/resolv.conf)
Move cursor to desired item and press Enter.

  Start Using the Nameserver
  List All Nameservers
  Add a Nameserver
  Remove a Nameserver
  Stop Using a Nameserver
  -------------------------------
  Set / Show the Domain
  Remove the Domain
Use this as a means to edit the /etc/resolv.conf file or use a text editor to do so.
Hosts Table (/etc/hosts)
Move cursor to desired item and press Enter.

  List All Hosts
  Add a Host
  Change / Show Characteristics of a Host
  Remove a Host
Use this as a means to edit the /etc/hosts file or use a text editor to do so.
To edit /etc/inetd.conf and ensure the ODM database is updated:
inetd Subservers
Move cursor to desired item and press Enter.

  List All inetd Subservers
  Add an inetd Subserver
  Change / Show Characteristics of an inetd Subserver
  Remove an inetd Subserver

Use the menu selections to add entries to or remove entries from /etc/inetd.conf and update the ODM. If, however, you edit /etc/inetd.conf with a text editor, you must use the inetimp command to update the new information in the InetServ object class in the ODM.
You can use SMIT to edit /etc/services and at the same time ensure that the ODM database is updated.
Services (/etc/services)
Move cursor to desired item and press Enter.

  List All Services
  Add a Service
  Change / Show Characteristics of a Service
  Remove a Service
Follow the menus to make the changes you desire. As with the /etc/inetd.conf file, you must use inetimp to update the ODM after using a text editor to change the /etc/services file.
To create or modify entries in /etc/hosts.equiv using SMIT:
Host Access (/etc/host.equiv)
Move cursor to desired item and press Enter.

  List All Remote Hosts
  Add a Remote Host
  Remove a Remote Host
Follow the menus to make the changes you desire.
To edit /etc/ftpusers:
Restrict File Transfer Program Users (/etc/ftpusers)
Move cursor to desired item and press Enter.

  Show All Restricted Users
  Add a Restricted User
  Remove a Restricted User
Other Available Services
Move cursor to desired item and press Enter.

  Super Daemon (inetd)
  syslogd Subsystem
  routed Subsystem
  gated Subsystem
  named Subsystem
  rwhod Subsystem
  timed Subsystem
  portmap Subsystem (information only)
The AIX style of TCP configuration is to use the ODM configuration information. Upon bootup the /etc/rc.net file runs methods to configure the network card and set the hostname, default gateway, and routes based upon the ODM database. If you would prefer not to use the ODM to do this, you can elect to have a BSD style of TCP configuration. BSD style uses the ifconfig command and reads /etc/rc.bsdnet to configure the network card. To elect BSD style,
Select BSD style rc Configuration
Please answer yes if you want BSD style rc configuration. The default is no.
Default style configuration uses the data in the ODM database and uses the
file /etc/rc.net to define, load, and configure a corresponding interface.
BSD style configuration uses the traditional ifconfig command and it uses
the file /etc/rc.bsdnet to configure the corresponding interface.

Type or select values in entry fields.
Press Enter AFTER making all desired changes.

                                                  [Entry Fields]
  Use BSD Style rc Configuration                   no       +
A caveat about the above procedure: after selecting yes you will not have System Resource Controller (SRC) support. In other words, you can't use commands like refresh -s inetd. If you want flat file configuration and SRC support, uncomment the commands in /etc/rc.net under the heading Traditional Configuration. Below is that section in commented form:
##################################################################
# Part II - Traditional Configuration.
##################################################################
# An alternative method for bringing up all the default interfaces
# is to specify explicitly which interfaces to configure using the
# ifconfig command. Ifconfig requires the configuration information
# be specified on the command line. Ifconfig will not update the
# information kept in the ODM configuration database.
#
# Valid network interfaces are:
# lo=local loopback, en=standard ethernet, et=802.3 ethernet
# sl=serial line IP, tr=802.5 token ring, xt=X.25
#
# e.g., en0 denotes standard ethernet network interface, unit zero.
#
# Below are examples of how you could bring up each interface using
# ifconfig. Since you can specify either a hostname or a dotted
# decimal address to set the interface address, it is convenient to
# set the hostname at this point and use it for the address of
# an interface, as shown below:
#
#/bin/hostname robo.austin.ibm.com >>$LOGFILE 2>&1
#
# (Remember that if you have more than one interface,
# you'll want to have a different IP address for each one.
# Below, xx.xx.xx.xx stands for the internet address for the
# given interface).
#
#/usr/sbin/ifconfig lo0 inet loopback up >>$LOGFILE 2>&1
#/usr/sbin/ifconfig en0 inet `hostname` up >>$LOGFILE 2>&1
#/usr/sbin/ifconfig et0 inet xx.xx.xx.xx up >>$LOGFILE 2>&1
#/usr/sbin/ifconfig tr0 inet xx.xx.xx.xx up >>$LOGFILE 2>&1
#/usr/sbin/ifconfig sl0 inet xx.xx.xx.xx up >>$LOGFILE 2>&1
#/usr/sbin/ifconfig xt0 inet xx.xx.xx.xx up >>$LOGFILE 2>&1
#
#
# Now we set any static routes.
#
# /usr/sbin/route add 0 gateway >>$LOGFILE 2>&1
# /usr/sbin/route add 192.9.201.0 gateway >>$LOGFILE 2>&1
Note the following information before you begin:
The following steps tell how to use SAM to automatically add entries to /etc/hosts:
To replace the current default gateway (if there is one), select the Modify Default Gateway Action from the Internet Connectivity menu (under the Remote System Connectivity area).
If you want to delete the default gateway that you added with SAM's Specify the Default Gateway form, you must do it manually with the following:
Enter the following command at the HP-UX prompt:
/etc/route delete default gateway_hostname
Edit the /etc/netlinkrc file to remove the corresponding /etc/route add default entry for the gateway.
You can modify /etc/inetd.conf if you have special requirements, but it is properly configured when you receive it with the LAN product.
Anytime inetd is started up, it reads the /etc/inetd.conf file. If you modify the /etc/inetd.conf entry for a service, use the inetd -c command to reconfigure inetd while it is still running.
The /etc/inetd.conf file contains an entry for each ARPA server started by inetd on your host, with the exception of rcp, whose server is remshd. sendmail, named, and gated provide their own daemons, and their servers are not started by inetd.
The /usr/adm/inetd.sec file is a security file used by the daemon inetd. The /usr/adm/inetd.sec file provides an extra security layer beyond any security check done by the services. It allows the node manager to determine how many remote services can run simultaneously on the local host and which hosts or networks are allowed to remotely use the local host. This check is done before the service's security check. The inetd daemon reads the /usr/adm/inetd.sec file and checks the address of any host requesting a service. The inetd daemon only allows the requesting host to access a particular service if it is not forbidden by /usr/adm/inetd.sec.
NOTE: If inetd is running, it rereads /usr/adm/inetd.sec when you make changes to it. Your changes are applied to any services started up after the file is reread, but not to any services currently running.
If you choose to put a limit on the number of services that can be used remotely at any one time, use the following entry in the first line of /usr/adm/inetd.sec:
MAXNUM number
where number is the maximum number of simultaneous remote services allowed.
If MAXNUM is declared, it must be the first line of data in the file. MAXNUM default is 1000.
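The MAXNUM placement rule is easy to break when editing /usr/adm/inetd.sec by hand, so the following check is added here as an example; it is not part of the original guide or of HP-UX. The function name check_inetd_sec, the sample addresses and the sample file are constructed, and the "service allow|deny host ..." entry form is assumed from inetd.sec(4) rather than taken from this page.

```shell
#!/bin/sh
# Added example: lint an inetd.sec file for the MAXNUM rules described above.
# Prints one finding per line; returns 0 when clean, 1 when a problem is found.
check_inetd_sec() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }      # blank lines and comments are not data
        { data++ }
        $1 == "MAXNUM" {
            seen = 1
            if (data != 1) {
                print "line " NR ": MAXNUM is not the first line of data"; bad = 1
            }
            if ($2 !~ /^[0-9]+$/) {
                print "line " NR ": MAXNUM value is not a number"; bad = 1
            }
            next
        }
        # Assumed entry form (inetd.sec(4), not shown on this page):
        #   service  allow|deny  host-or-network ...
        $2 != "allow" && $2 != "deny" {
            print "line " NR ": " $1 " has no allow/deny keyword"; bad = 1
        }
        END {
            if (!seen) print "note: no MAXNUM line, the default of 1000 applies"
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: MAXNUM appears after a service entry, so it is misplaced.
sample=${TMPDIR:-/tmp}/inetd.sec.sample.$$
cat > "$sample" <<'EOF'
# constructed inetd.sec for illustration
login  allow  192.0.2.7
MAXNUM 200
shell  deny   198.51.100.20
ftp    192.0.2.9
EOF
check_inetd_sec "$sample" || echo "inetd.sec needs attention"
rm -f "$sample"
```

Run it against a copy of the file before installing the copy, since inetd rereads /usr/adm/inetd.sec as soon as it changes.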
You can allow and deny remote systems access to local ARPA Services by using SAM or by manually editing the /usr/adm/inetd.sec file.
SAM does not allow you to set the maximum number of connections by which remote users access local services. If you want to set this number, edit /usr/adm/inetd.sec manually.
The following steps tell how to use SAM to allow or deny remote systems access to local ARPA Services:
The /etc/ftpusers file is a security file for ftpd. You must create this file if you want to use it. ftpd checks locally for this file before allowing a remote login to the local host. If the remote user specifies an account on the local host that is listed in /etc/ftpusers, the remote connection is denied.
You can use SAM to create /etc/ftpusers or you can manually create and edit this file.
If you have already manually configured an /etc/hosts.equiv file with entries other than those of the form hostname or hostname username, do not use SAM to configure /etc/hosts.equiv. SAM does not recognize, display, or add entries of other forms (such as +, -, %, or +@example_nfsnetgroup).
You can use SAM to create a $HOME/.rhosts file for the local superuser account only. (You cannot create $HOME/.rhosts files for local non-superuser accounts with SAM.)
If you have already manually configured a $HOME/.rhosts file with entries other than those of the form hostname or hostname username, do not use SAM to configure $HOME/.rhosts. SAM does not recognize, display, or add entries of other forms (such as +, -, %, or +@example_nfsnetgroup).
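Before handing an existing /etc/hosts.equiv or $HOME/.rhosts file to SAM, it helps to know whether it contains any of the forms SAM ignores. The following classifier is an added example, not part of the original guide or of SAM; the function name classify_equiv, the host names and the sample file are constructed, and skipping lines that start with # is an assumption.

```shell
#!/bin/sh
# Added example: decide whether a hosts.equiv or .rhosts file is safe to hand to SAM.
# Output: LINE:CLASS:ENTRY, where CLASS is
#   sam       hostname  or  hostname username (the forms SAM handles)
#   other     an entry using +, -, % or +@netgroup (SAM ignores these)
#   wildcard  a bare + field, which matches any host or any user
# Returns 0 only when every entry is of class sam.
classify_equiv() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }      # assumed: blank and # lines carry no entry
        {
            cls = (NF <= 2) ? "sam" : "other"
            for (i = 1; i <= NF; i++) {
                if ($i == "+") { cls = "wildcard"; break }
                if ($i ~ /^[-+%]/) cls = "other"
            }
            $1 = $1                        # normalise spacing in the echoed entry
            print NR ":" cls ":" $0
            if (cls != "sam") unsafe = 1
        }
        END { exit unsafe + 0 }
    ' "$1"
}

# Constructed sample mixing SAM-style entries with the other forms named above.
sample=${TMPDIR:-/tmp}/hosts.equiv.sample.$$
cat > "$sample" <<'EOF'
trusted1
trusted2 operator
+@example_nfsnetgroup
-badhost
+ +
EOF
classify_equiv "$sample" || echo "do not manage this file with SAM"
rm -f "$sample"
```

Any wildcard line deserves review on its own account, because it extends password-free access well beyond the named hosts and users.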
The following steps tell how to use SAM to let a remote system's user(s) become superuser on your local host without having to enter a password:
The /etc/rc script is executed when your system boots. It calls the /etc/src.sh file to set the hostname of your system. The /etc/rc script calls the /etc/netlinkrc script which initializes your networking. If you configure networking manually, this is the script to modify. The following are included in /etc/netlinkrc:
/etc/nettl, the logging daemon
/etc/ifconfig
/etc/lanconfig
/etc/route
/bin/nodename
/etc/rlbdaemon, the remote loop back daemon
/etc/netnfsrc, the script that starts NFS
/etc/netbsdrc, the script that starts ARPA/BSD networking services
/etc/netnfsrc2, which makes NFS mounts and starts automounter
/etc/netnssrc, which starts NS services
TCP/IP is a standard product, but configuring it differs considerably in AIX and HP-UX. Like so many items in AIX, networking configuration by default is part of the ODM configuration database. Therefore changes to networking files such as /etc/inetd.conf and /etc/services require the inetimp command to update the ODM. It is easier, however, to use SMIT to configure TCP/IP because doing so ensures that the ODM is brought up to date automatically. You do have the option in AIX to configure TCP/IP using the traditional commands ifconfig and route, and to make your changes permanent by either editing the /etc/rc.net file, in which case you retain SRC support, or editing /etc/rc.bsdnet, entailing no SRC support.
HP-UX has a traditional means of configuring TCP/IP. However, using SAM can make the process a lot easier. HP-UX also has a /usr/adm/inetd.sec file, which AIX does not, that adds an extra layer of security for TCP/IP.