Network

Configuring Network Parameters in HP-UX

HP-UX stores network interface configuration information in the /etc/rc.config.d/netconf file.

 # cat /etc/rc.config.d/netconf
 HOSTNAME="it-hp49"
 OPERATING_SYSTEM=HP-UX
 LOOPBACK_ADDRESS=127.0.0.1
 INTERFACE_NAME[0]="lan0"
 IP_ADDRESS[0]="216.131.195.137"
 SUBNET_MASK[0]="0xffffff00"
 BROADCAST_ADDRESS[0]="216.131.195.255"
 INTERFACE_STATE[0]=""
 DHCP_ENABLE[0]=0

 ROUTE_DESTINATION[0]="default"
 ROUTE_MASK[0]=""
 ROUTE_GATEWAY[0]="216.131.195.10"
 ROUTE_COUNT[0]="1"
 ROUTE_ARGS[0]=""

To add an alias address to lan0, append the alias definition to the /etc/rc.config.d/netconf file under the next unused array index, so that it does not overwrite the lan0 entry at index 0:

 INTERFACE_NAME[1]=lan0:1
 IP_ADDRESS[1]=216.131.195.138
 SUBNET_MASK[1]=255.255.255.0
 BROADCAST_ADDRESS[1]=""
 INTERFACE_STATE[1]=""
 DHCP_ENABLE[1]=0
 INTERFACE_MODULES[1]=""

Restart the network service

 /sbin/init.d/net start
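
netconf is read as a series of shell array assignments, so a second assignment to the same NAME[index] replaces the first without any warning. The check below is an added example, not part of the original page; the function name netconf_dup_indexes and the 192.0.2.x sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page).
# netconf_dup_indexes FILE
# Prints one line per reused KEY[index]; returns 1 if any were found.
netconf_dup_indexes() {
    awk '
        /^[ \t]*#/ { next }                          # ignore comment lines
        match($0, /^[ \t]*[A-Z0-9_]+\[[0-9]+\]=/) {
            key = substr($0, RSTART, RLENGTH - 1)    # e.g. IP_ADDRESS[0]
            gsub(/[ \t]/, "", key)
            if (key in first) {
                printf "%s set on line %d and again on line %d\n", key, first[key], NR
                bad = 1
            } else {
                first[key] = NR
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the alias block reuses index 0 of the primary interface.
sample=$(mktemp)
cat > "$sample" <<'EOF'
INTERFACE_NAME[0]="lan0"
IP_ADDRESS[0]="192.0.2.10"
SUBNET_MASK[0]="255.255.255.0"
INTERFACE_NAME[0]=lan0:1
IP_ADDRESS[0]=192.0.2.11
SUBNET_MASK[1]=255.255.255.0
EOF
netconf_dup_indexes "$sample" || echo "netconf: index collision, fix before restarting net"
rm -f "$sample"
```

Run it against a copy of /etc/rc.config.d/netconf before restarting the network service; a non-zero return means one definition would be lost.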

Network Interface Card Management

The following commands are used to view and manage various NIC settings.

  1. lanscan
  2. lanadmin
  3. nwmgr (new in 11i v3)

lanscan
To display the network interface cards and status

 # lanscan
 Hardware Station        Crd  Hdw   Net-Interface    NM   MAC       HP-DLPI DLPI
 Path     Address        In#  State NamePPA          ID   Type      Support Mjr#
 0/0/0/0  0x00306E1CC281 0    UP    lan0 snap0       1    ETHER       Yes   119
 1/12/0/0 0x00306E210F32 3    UP    lan3 snap3       2    ETHER       Yes   119

lanadmin
To configure NIC settings such as speed, MTU, etc.

 # lanadmin (it is an interactive tool)

To find out the speed and duplex setting of lan0

 # lanadmin -x 0
 Speed = 1000 Full-Duplex.
 Autonegotiation = On.

nwmgr (Network Interface Management)
The nwmgr program is the unified command to administer all HP-UX LAN and RDMA interfaces. This command can be used to:

  • Display information of an interface
  • Modify settings of an interface
  • Reset the interface or its statistics
  • Diagnose link connectivity
  • Create and set configuration information for a component simultaneously
  • Delete or erase components

 # nwmgr

 Name/          Interface Station          Sub-   Interface      Related
 ClassInstance  State     Address        system   Type           Interface
 ============== ========= ============== ======== ============== =========
 lan2           DOWN      0x001A4B096828 iether   1000Base-T
 lan0           UP        0x001A4B097F9A iether   1000Base-T
 lan1           DOWN      0x001A4B097F9B iether   1000Base-T

 # nwmgr --help -S all  # lists all the subsystems
 # nwmgr --help -S subsystem # display subsystem specific usage

To view interface attributes

 # nwmgr -A all -c lan0
 lan0 current values:
    Link State = Up
    Speed = 1 Gbps Full Duplex (Autonegotiation : On)
    MTU = 1500
    MAC Address = 0x001a4b097f9a
    Receive Flow Control = On
    Transmit Checksum Offload = Off
    Receive Checksum Offload = Off
    Virtual MTU = 0
       TCP Segmentation Offload is now disabled.
    Max Send Buffers = 1
    Max Send Coalesce Ticks = 150
    Max Recv Buffers = 1
    Max Recv Coalesce Ticks = 0
    Interrupt Throttle Mode = -1
    Diagnostics Threshold = 0
    512byte transmit buffer size limit = 0

To get interface statistics for interface lan0

 # nwmgr --st all -c lan0

To View interface details

 # nwmgr -q info -c lan0

To get interface vital product data

 # nwmgr -q vpd -c lan0

To set interface attributes

 # nwmgr -s -A attr1=value,attr2=value ... -c lan0

Reset statistics for an interface

 # nwmgr -r --st -c lan<instance>

Some nwmgr commands and their equivalent lanadmin and linkloop commands are given below

nwmgr -S vlan                                   lanadmin -V scan
nwmgr -c lan5000                                lanadmin -V info 5000
nwmgr -a -S vlan -A vlanid=10,ppa=1             lanadmin -V create vlanid 10 1
nwmgr -s -c lan5000 -A vlanid=20                lanadmin -V modify vlanid 20 5000
nwmgr -d -c lan5000                             lanadmin -V delete 5000
nwmgr --cra -c lan5000                          lanadmin -p 5000
nwmgr --diag -c lan5000 -A dest=0xaabbccddeeff  linkloop -i 5000 0xaabbccddeeff

APA (Auto Port Aggregator)

/sbin/init.d/hpapa
/sbin/init.d/lm

netstat and traceroute tips

To list all the configured interfaces and IP addresses

 # netstat -in

To force HP-UX to use a specific interface card

 # traceroute -i lan2 10.20.30.40 

Network Tracing and logging

The nettl command is a tool used to capture network events or packets.

Initialize the tracing/logging facility:

 # nettl -start

Display the status of the tracing/logging facility.

 # nettl -status all

How to setup FTP in chroot jail?

01. Create a group called 'ftpusers'

02. Create a user called 'user1' and make the default shell /usr/bin/false. Add the user to the 'ftpusers' group.

03. Modify the home directory of the user if required.

    user1:x:1001:500:FTP user:/home/ftphome/./user1:/usr/bin/false

The above line makes /home/ftphome the home directory of FTP user user1. However, when user1 logs in, the /./user1 after /home/ftphome places the user in /user1 instead of /.

04. Create a file called /etc/shells if not already present

    # touch /etc/shells

05. Add "/usr/bin/false" to /etc/shells

    # echo "/usr/bin/false" >> /etc/shells

06. Create the /etc/ftpd/ftpaccess file as follows. The last line adds the ftpusers UNIX group to guestgroup. Now, all the users in the ftpusers group will be chrooted to their home directory. A sample file is available in the /usr/newconfig/etc/ftpd/examples directory.

   class   all   real,guest,anonymous  *
   limit   all   40   Any    /etc/msgs/msg.dead
   readme  README*    login
   readme  README*    cwd=*
   message /welcome.msg            login
   message .message                cwd=*
   compress        yes             all
   tar             yes             all
   log commands real
   log transfers anonymous,real inbound,outbound
   shutdown /etc/shutmsg
   guestgroup ftpusers

07. Modify the ftp entry in the inetd.conf file to use the /etc/ftpd/ftpaccess file

    ftp   stream tcp nowait root /usr/lbin/ftpd      ftpd -l -a /etc/ftpd/ftpaccess

08. Restart the inetd daemon

    # inetd -c

09. Create a usr/bin directory in user1's home directory and copy /sbin/ls to it.

    # cd /home/ftphome; mkdir -p usr/bin
    # cp /sbin/ls usr/bin/

Now, when user1 logs in to the system, he is chrooted to his home directory.
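
The jail only takes effect if the group the user belongs to is the one named on the guestgroup line of ftpaccess; a name mismatch leaves the account as an ordinary, unjailed FTP user. The check below is an added example, not part of the original page; the function name ftp_guest_check and the sample files are constructed, and it handles plain group names on the guestgroup line only.

```shell
#!/bin/sh
# Added example (not from the original page).
# ftp_guest_check USER PASSWD GROUP FTPACCESS
# Succeeds only if USER belongs (primary or supplementary) to a group named
# on a "guestgroup" line. Returns 1 if not a guest, 2 if USER is unknown.
ftp_guest_check() {
    user=$1 passwd=$2 group=$3 access=$4
    gid=$(awk -F: -v u="$user" '$1 == u { print $4; exit }' "$passwd")
    [ -n "$gid" ] || { echo "$user: no passwd entry"; return 2; }
    # Groups the user is in: primary by gid, supplementary by member list.
    mine=$(awk -F: -v u="$user" -v g="$gid" '
        $3 == g { print $1; next }
        { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) print $1 }
    ' "$group")
    # Groups that ftpaccess treats as guests (chrooted).
    guests=$(awk '$1 == "guestgroup" { for (i = 2; i <= NF; i++) print $i }' "$access")
    for g in $mine; do
        for x in $guests; do
            if [ "$g" = "$x" ]; then
                echo "$user: chrooted via guestgroup $g"
                return 0
            fi
        done
    done
    echo "$user: NOT a guest (user groups: $(echo $mine); guestgroup: $(echo $guests))"
    return 1
}

# Constructed sample files: one ftpaccess names the wrong group, one the right one.
d=$(mktemp -d)
echo 'user1:x:1001:500:FTP user:/home/ftphome/./user1:/usr/bin/false' > "$d/passwd"
echo 'ftpusers::500:' > "$d/group"
echo 'guestgroup ftpgroup' > "$d/ftpaccess.bad"
echo 'guestgroup ftpusers' > "$d/ftpaccess.good"
ftp_guest_check user1 "$d/passwd" "$d/group" "$d/ftpaccess.bad"
ftp_guest_check user1 "$d/passwd" "$d/group" "$d/ftpaccess.good"
rm -rf "$d"
```

On a live system the arguments would be /etc/passwd, /etc/group and /etc/ftpd/ftpaccess.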

How to Setup Secure FTP (SFTP) in chroot jail in HP-UX?

01. Download and install the latest OpenSSH software from software.hp.com

02. Create a user called "user1" and set up a password for that user

03. Make sure that the user is able to log in to the system using his password

04. Make the user an sftponly user by running the following command and following its instructions.

    # /opt/ssh/utils/ssh_chroot_setup.sh

05. The above command will create the necessary ftp directory structure. If /ftproot was selected as the root directory for the user, then the /usr, /etc, /dev and /bin directory structure and the required commands like ls, cd, mv, etc. are copied to the directory structure created.

06. Copy /opt/ssh/utils/sftponly to the /bin and /ftproot/bin directories

    # cp /opt/ssh/utils/sftponly /bin/sftponly
    # cp /opt/ssh/utils/sftponly /ftproot/bin/sftponly

07. Add a /bin/sftponly entry to the /etc/shells file

    # echo "/bin/sftponly" >> /etc/shells

08. Modify user1's home directory and shell in /etc/passwd as follows.

    user1:x:1000:1000:chrooted user:/ftproot/./home/user1:/bin/sftponly

09. Make sure the user1 home directory is created if not already created

    # mkdir -p /ftproot/home/user1
    # chown user1 /ftproot/home/user1

10. Now, the user is jailed within the /ftproot directory. Also, user1 cannot log in to the system using ssh since his shell is set as /bin/sftponly.
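
The steps above depend on three things lining up: the /./ marker in the passwd home field, the shell being listed in /etc/shells, and the shell and home directory existing inside the jail. The check below is an added example, not part of the original page or of the HP-UX Secure Shell tooling; the function name chroot_entry_check and the temporary jail tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page).
# chroot_entry_check USER PASSWD SHELLS
# Prints one line per problem; returns the number of problems found.
chroot_entry_check() {
    user=$1 passwd=$2 shells=$3 problems=0
    entry=$(awk -F: -v u="$user" '$1 == u { print $6 ":" $7; exit }' "$passwd")
    [ -n "$entry" ] || { echo "$user: no passwd entry"; return 1; }
    home=${entry%%:*} shell=${entry#*:}
    case $home in
        */./*) root=${home%%/./*}; start=/${home#*/./} ;;   # jail root / start dir
        *) echo "$user: home $home has no /./ marker, no chroot root defined"
           return 1 ;;
    esac
    if ! grep -qx -- "$shell" "$shells" 2>/dev/null; then
        echo "$user: shell $shell not listed in $shells"; problems=$((problems + 1))
    fi
    if [ ! -x "$root$shell" ]; then       # step 06: shell copied into the jail
        echo "$user: $shell missing inside jail ($root$shell)"; problems=$((problems + 1))
    fi
    if [ ! -d "$root$start" ]; then       # step 09: home directory created
        echo "$user: start directory $root$start does not exist"; problems=$((problems + 1))
    fi
    if [ "$problems" -eq 0 ]; then
        echo "$user: jail $root, start dir $start, shell $shell"
    fi
    return "$problems"
}

# Constructed jail tree and account files in a temporary directory.
d=$(mktemp -d)
mkdir -p "$d/ftproot/bin" "$d/ftproot/home/user1"
: > "$d/ftproot/bin/sftponly"; chmod 755 "$d/ftproot/bin/sftponly"
echo "user1:x:1000:1000:chrooted user:$d/ftproot/./home/user1:/bin/sftponly" > "$d/passwd"
echo "/bin/sftponly" > "$d/shells"
chroot_entry_check user1 "$d/passwd" "$d/shells"
rm -rf "$d"
```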