ziggy_9mm
asked on
Intermittent Problem....Default Gateway??
Running HPUX 11
I will try and explain this incredibly odd problem like this..........say you set up a ping OUTSIDE of you network (ie after firewall) and it works fine, but then it stops(after about 2 minutes) the only way to get it to work again(besides rebooting) is to go into the SAM -> Networking and Communications -> Hosts -> Actions -> Configure DF Gateway And hit Ok. And magically the ping continue's. At first i thought dup IP but its not. Oh yeah and for the really weird part when you cant ping outside you can still ping everything inside the firewall. Its a checkpoint firewall and it DOES NOT show anything getting dropped in my "Blackout" period, and it does show my packets getting out when it works. Please if you have any idea's im tapped iv tried everything.
I will try and explain this incredibly odd problem like this..........say you set up a ping OUTSIDE of you network (ie after firewall) and it works fine, but then it stops(after about 2 minutes) the only way to get it to work again(besides rebooting) is to go into the SAM -> Networking and Communications -> Hosts -> Actions -> Configure DF Gateway And hit Ok. And magically the ping continue's. At first i thought dup IP but its not. Oh yeah and for the really weird part when you cant ping outside you can still ping everything inside the firewall. Its a checkpoint firewall and it DOES NOT show anything getting dropped in my "Blackout" period, and it does show my packets getting out when it works. Please if you have any idea's im tapped iv tried everything.
gheist
probably your default router (checkpoint) should respond to pings and allow nameserver access
Presumably the default route you are setting is via the firewall/gateway - And HP-UX is dropping that every couple of minutes.
What does netstat -r show as the default gateway before and after the failures?
I suspect that GateD is running, which will override the default you've set up unless it's specifically configured in gated.conf; GateD relies on routers advertising what routes they can reach - Which the firewall probably doesn't do
What does netstat -r show as the default gateway before and after the failures?
I suspect that GateD is running, which will override the default you've set up unless it's specifically configured in gated.conf; GateD relies on routers advertising what routes they can reach - Which the firewall probably doesn't do
I agree with tfewster that it must have something to do with routing protocols. The time it takes until it stops (2 minutes) sounds a little like a RIP thing. maybe some other device (not the firewall) is doing rip-announcements that are taken up by your hpux.
To solve, I'd disable gated if it's running (you most probably dont need it anyway) or configure it correctly (/etc/gated.conf)
To solve, I'd disable gated if it's running (you most probably dont need it anyway) or configure it correctly (/etc/gated.conf)
ASKER
netstat -r shows
default 10.210.86.2 UG 0 lan0 0
which the IP adx is correct.
and /ect/gated.conf shows just
rip yes;
How do you disable gated? Sorry im a WIN2K guy. Thanks for the help.
default 10.210.86.2 UG 0 lan0 0
which the IP adx is correct.
and /ect/gated.conf shows just
rip yes;
How do you disable gated? Sorry im a WIN2K guy. Thanks for the help.
rip no;
if not obvious ...
if not obvious ...
ASKER
Yeah Gee thanks you must be an expert. But anyway I tried rip no; and I tried adding this to gated.conf
static {
default gateway 10.210.86.2 retain ;
};
then i stopped and started it, same thing. Any other ideas?
static {
default gateway 10.210.86.2 retain ;
};
then i stopped and started it, same thing. Any other ideas?
probably /etc/rc.config.d/netconf can be edited to not start gated
another thing to try....
can you make a
traceroute www.google.com
when it is not working, and post the output here ?
can you make a
traceroute www.google.com
when it is not working, and post the output here ?
I reckon that http:#13964032 , http:#13972561 and http:#13975847 identified the problem and gave a solution (unless ziggy_9mm actually needs gated running?)
ASKER
I fixed it, what I did was I pointed the server straight at my cisco cataylst and made the switch act as a default gateway for the server, not sure why it worked but it did. Thanks for the idea's I tried them all but no joy.
Dear Ziggy - this basically means that you put up incomplete picture in question.
fine by me
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.