Hello,
using two Sun Ray servers attached to up to 4 networks in a failover group, we
have a problem with X11 sessions in a kiosk session when a firewall is
involved.
I want to describe the setup ...:
The Sun Ray network setup is:
svi08 # utadm -l
LAN connections: On
Use IPv4 multicast
Subnetwork: 192.168.181.0
Netmask= 255.255.255.0
AuthSrvr= 192.168.181.28
AltAuth= 192.168.181.28
FirmwareSrvr= 192.168.181.28
NewTver= 4.2_140993-06_2010.10.08.21.53
Subnetwork: 192.168.184.0
Netmask= 255.255.255.0
AuthSrvr= 192.168.35.18
AltAuth= 192.168.35.18
FirmwareSrvr= 192.168.35.18
NewTver= GUI4.2_140993-06_2010.10.08.21.53
Subnetwork: 192.168.188.0
Netmask= 255.255.255.0
AuthSrvr= 192.168.188.28
AltAuth= 192.168.188.28
FirmwareSrvr= 192.168.188.28
NewTver= 4.2_140993-06_2010.10.08.21.53
Subnetwork: 192.168.198.0
Netmask= 255.255.255.0
AuthSrvr= 192.168.35.18
AltAuth= 192.168.35.18
FirmwareSrvr= 192.168.35.18
NewTver= GUI4.2_140993-06_2010.10.08.21.53
Subnetwork: 192.168.35.0
Netmask= 255.255.255.0
AuthSrvr= 192.168.35.18
AltAuth= 192.168.35.18
FirmwareSrvr= 192.168.35.18
NewTver= 4.2_140993-06_2010.10.08.21.53
The network is like this for both sunray servers:
svi08 # ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
bge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.35.18 netmask ffffff00 broadcast 192.168.35.255
ether 0:b:5d:e6:32:88
bge1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 192.168.188.28 netmask ffffff00 broadcast 192.168.188.255
ether 0:b:5d:e6:32:89
bge2: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 4
inet 192.168.32.208 netmask ffffff00 broadcast 192.168.32.255
ether 0:b:5d:e6:32:8a
bge3: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 5
inet 192.168.181.28 netmask ffffff00 broadcast 192.168.181.255
ether 0:b:5d:e6:32:8b
sppp0: flags=10010008d1<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST,IPv4,FIXEDMTU> mtu 1500 index 6
inet 192.168.224.2 --> 192.168.224.1 netmask ffffff00
ether 0:0:0:0:0:0
interface names are:
svi08 # for i in `ls -1 /etc/hostname.*`; do echo $i;cat $i; done
/etc/hostname.bge0
svi08-35
/etc/hostname.bge1
svi08
/etc/hostname.bge2
svi08-32
/etc/hostname.bge3
svi08-181
The nodename "svi08" is not used on a physical interface...
A DTU is configured to use a kiosk session. In this session we establish an
X11 session to another server (local zone).
The process table looks like:
svi08 # ptree 11268
1222 /usr/dt/bin/dtlogin -daemon
10861 /usr/dt/bin/dtlogin -daemon
11189 /bin/ksh /opt/SUNWkio/lib/Xsession
11265 /opt/SUNWkio/lib/kioskcrit /var/run/opt/SUNWkio/sessions/utku0/kios
11268 /bin/bash -x /etc/opt/SUNWkio/sessions/meta-kiosk/meta-kiosk-sess
11289 /usr/X11/bin/Xephyr :1 -ac +bs -once -query sv700 -fullscreen
So svi08 connects to the sv700 server (located in the 192.168.181.0 network) to
get an X11 session on display :1 at the DTU.
sv700 starts an internal application and all is fine ...
sv700 # ptree 26742
17022 zsched
18163 /usr/openwin/bin/xdm
26613 /usr/openwin/bin/xdm
26742 /appl/local/bin1/Net -display svi08-35.domain.de:1 Ho
26778 /usr/local/bin/fvwm2 -f /export/home/homan/.fvwm2rc
26783 /usr/local/bin/FvwmTaskBar 7 4 none 0 8
routing is:
svi08 # netstat -r
Routing Table: IPv4
Destination          Gateway              Flags Ref   Use        Interface
-------------------- -------------------- ----- ----- ---------- ---------
default              r188.domain.de       UG    1     108
192.168.181.0        svi08-181            U     1     26         bge3
192.168.188.0        svi08                U     1     25         bge1
192.168.32.0         svi08-32             U     1     7          bge2
192.168.35.0         svi08-35             U     1     29         bge0
192.168.224.1        192.168.224.2        UH    1     1          sppp0
BASE-ADDRESS.MCAST.NET svi08              U     1     0          bge1
localhost            localhost            UH    8     2205       lo0
Checking network traffic at the interfaces shows:
*startpoint of the communication uses bge3 interface*
svi08 # snoop -d bge3 sv700
Using device bge3 (promiscuous mode)
svi08-35 -> sv700.domain.de TCP D=63277 S=6001 Ack=2749584401 Seq=1263907493 Len=0 Win=49640
svi08-35 -> sv700.domain.de TCP D=63275 S=6001 Push Ack=2749181558 Seq=1263761035 Len=64 Win=49640
svi08-35 -> sv700.domain.de TCP D=63278 S=6001 Push Ack=2749691609 Seq=1264203846 Len=128 Win=49640
svi08-35 -> sv700.domain.de TCP D=63275 S=6001 Ack=2749181570 Seq=1263761099 Len=0 Win=49640
...
Server svi08 uses the correct interface in the 181.0 network to connect to
server sv700, BUT uses the host/interface name of the .35.0 network, svi08-35 ...
Server sv700 answers to the svi08-35 interface name, see ...
svi08 # snoop -d bge0 sv700
Using device bge0 (promiscuous mode)
sv700.domain.de -> svi08-35 TCP D=6001 S=63278 Push Ack=1264245966 Seq=2749765529 Len=16 Win=49640
sv700.domain.de -> svi08-35 TCP D=6001 S=63278 Push Ack=1264245998 Seq=2749765545 Len=16 Win=49640
sv700.domain.de -> svi08-35 TCP D=6001 S=63278 Push Ack=1264246094 Seq=2749765561 Len=40 Win=49640
...
*answer comes in at bge0 interface*
So this is strange behaviour, but it works. But there is a firewall
connected to the 188.0 network segment. This firewall does not allow this
kind of triangle communication!
There is a need to control the communication path for directly attached
networks and through the firewall ...
My question is: Is there a way to configure a "primary interface and/or
name" for X11 communication?
Many thanks for your help!
Christian
--
Dr. Christian Röser
Hüttenwerke Krupp Mannesmann
Dept.: CI-P (Process Computers)
Office: Administration 3, Floor 3
Tel: 0203-999-2381
Mobile: 0172-2371269
Mail: [email protected]
Web: www.hkm.de
Hüttenwerke Krupp Mannesmann GmbH, Ehinger Str. 200, D-47259 Duisburg
Management: Peter Gasse, Dr. Rolf Höffken, Dr. Clemens Stewing
Chairman of the Supervisory Board: Dipl.-Betriebswirt Wolfgang Eging
Registered office: Duisburg
Commercial register entry: Amtsgericht Duisburg HRB 4716
http://www.hkm.de
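
Added example, not part of the original post: a small Python check that reads snoop lines per capture device and reports the two symptoms described above, a local source name seen on an interface it is not bound to, and a TCP flow that leaves on one interface and returns on another. The interface-to-name map is taken from the /etc/hostname.* listing; the sample lines are constructed from the snoop output in the post, and the function names are assumptions.

```python
import re
from collections import defaultdict

# Hostname bound to each interface, from the /etc/hostname.* listing in the post.
IFACE_NAME = {"bge0": "svi08-35", "bge1": "svi08",
              "bge2": "svi08-32", "bge3": "svi08-181"}
NAME_IFACE = {name: dev for dev, name in IFACE_NAME.items()}

# Constructed sample: snoop lines from the post, re-joined onto one line each
# and keyed by the device passed to `snoop -d`.
CAPTURES = {
    "bge3": [
        "svi08-35 -> sv700.domain.de TCP D=63277 S=6001 Ack=2749584401 Seq=1263907493 Len=0 Win=49640",
        "svi08-35 -> sv700.domain.de TCP D=63278 S=6001 Push Ack=2749691609 Seq=1264203846 Len=128 Win=49640",
    ],
    "bge0": [
        "sv700.domain.de -> svi08-35 TCP D=6001 S=63278 Push Ack=1264245966 Seq=2749765529 Len=16 Win=49640",
    ],
}
SNOOP_TCP = re.compile(r"^\s*(\S+)\s+->\s+(\S+)\s+TCP\s+D=(\d+)\s+S=(\d+)")

def packets(captures):
    """Yield (device, src, sport, dst, dport) for every parsable TCP line."""
    for dev, lines in captures.items():
        for line in lines:
            m = SNOOP_TCP.match(line)
            if m:  # non-TCP lines and wrapped fragments are skipped
                src, dst, dport, sport = m.groups()
                yield dev, src, int(sport), dst, int(dport)

def misbound_sources(captures):
    """Outbound packets whose source name belongs to another interface."""
    return sorted({(dev, src, NAME_IFACE[src]) for dev, src, _, _, _ in packets(captures)
                   if src in NAME_IFACE and NAME_IFACE[src] != dev})

def asymmetric_flows(captures):
    """Flows (local, lport, remote, rport) that leave and return on different devices."""
    seen = defaultdict(lambda: {"out": set(), "in": set()})
    for dev, src, sport, dst, dport in packets(captures):
        if src in NAME_IFACE:
            seen[(src, sport, dst, dport)]["out"].add(dev)
        elif dst in NAME_IFACE:
            seen[(dst, dport, src, sport)]["in"].add(dev)
    return {flow: (sorted(d["out"]), sorted(d["in"])) for flow, d in seen.items()
            if d["out"] and d["in"] and d["out"] != d["in"]}

if __name__ == "__main__":
    for dev, name, owner in misbound_sources(CAPTURES):
        print(f"{name} (bound to {owner}) seen as source on {dev}")
    for flow, (out_dev, in_dev) in asymmetric_flows(CAPTURES).items():
        print(f"{flow}: out via {out_dev}, back via {in_dev}")
```

A flow reported by asymmetric_flows is the kind of path a stateful firewall sitting on only one leg would see half of.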