
How do I configure routing on Single Box Appliance?


I have an Access Manager 4.5 SP3 Single-Box Appliance.  It was originally built with just a single NIC.  Now I want to add a second NIC and have certain proxies listen on IPs on a different subnet.  I added the second NIC and configured the IP address with YaST.  I had the AG scan for new IPs and it found the new interface and IP and I can assign it to a proxy.  But the problem is I can't seem to get traffic routed properly.  I can see in a packet trace the SYN packets hitting the server, but the server never responds.  Same with ICMP traffic.  I know I can only have a single default gateway, and that is pointing at the default route on the first interface.  What do I need to do to get traffic routed out the interface it came in on?  Do I need to use LARTC to do this or is there something simple I am missing here?  Thanks.

Matt

 

Accepted Solutions

I believe I figured it out.  The problem is Reverse Path Filtering.  I guess the default setting is to have that enabled and it was not correctly enforced prior to SLES 11 SP1, see this TID:

https://support.microfocus.com/kb/doc.php?id=7007649

I disabled it per that TID by putting this:

net.ipv4.conf.all.rp_filter=0

in /etc/sysctl.conf and doing: sysctl -p

And that fixed it, the secondary NIC/address responds to traffic now.

I also tested using loose mode filtering (net.ipv4.conf.all.rp_filter=2) and that seems to work too so I'm thinking it might be safer to use that instead of totally disabling it.  

 

Matt
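
A check that goes with the fix described in this answer, added here as an example and not part of the original post: for source validation the kernel applies the higher of conf/all/rp_filter and conf/<iface>/rp_filter on each interface, so this script reports the mode actually in effect per interface. The function names and the CONF_ROOT override are assumptions made for the example.

```shell
#!/bin/sh
# Added example: show the rp_filter mode in effect on each interface.
# The kernel uses max(conf/all/rp_filter, conf/<iface>/rp_filter), so a
# value set only under "all" is not the whole picture.

# CONF_ROOT (assumed name) can be overridden to point at a constructed tree.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Print the effective rp_filter value (0, 1 or 2) for one interface.
effective_rp_filter() {
    iface="$1"
    all=$(cat "$CONF_ROOT/all/rp_filter" 2>/dev/null) || return 1
    own=$(cat "$CONF_ROOT/$iface/rp_filter" 2>/dev/null) || return 1
    if [ "$own" -gt "$all" ]; then echo "$own"; else echo "$all"; fi
}

# Map the numeric value to the mode name used in the kernel documentation.
rp_mode_name() {
    case "$1" in
        0) echo "off" ;;
        1) echo "strict" ;;
        2) echo "loose" ;;
        *) echo "unknown" ;;
    esac
}

# One line per real interface: "<iface> effective=<n> (<mode>)".
rp_filter_report() {
    for dir in "$CONF_ROOT"/*/; do
        iface=$(basename "$dir")
        # "all" and "default" are templates, not interfaces.
        case "$iface" in all|default) continue ;; esac
        eff=$(effective_rp_filter "$iface") || continue
        echo "$iface effective=$eff ($(rp_mode_name "$eff"))"
    done
}

# Report on the live system when the sysctl tree is present.
if [ -d "$CONF_ROOT/all" ]; then
    rp_filter_report
fi
```

An interface that still shows strict after net.ipv4.conf.all.rp_filter=0 has its own rp_filter set to 1; with net.ipv4.conf.all.rp_filter=2 every interface reports loose.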

 

 

 
