Summary: Tcp/Udp port mapping (equivalent of firewall NAT)

From: sunhux G <>
Date: Wed Jan 14 2009 - 06:05:48 EST
Thanks to Ric, Hendrik, Peter, Nick, Francisco, Matthew & Crist.

Extracted below are a couple of selected replies:

Though I don't know how to change our Oracle SSO & Oracle
GC applications to bind to a different IP addr, I do know
how to do this for the UPS software.

My plan is to create an alias/secondary address on the
existing NIC port & bind the UPS software to this address.


If you can force your application and UPS software to listen only on a
specific IP, then you can easily create/add the extra IP on the
machine, and then make the two of them listen to the same TCP port
number, but each one having its own IP.

BUT it needs to be configured on the application & UPS software to
only listen to one IP, and not on all of them.
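The arrangement described in that reply, as an added C example (not code from the original thread): two listeners share one TCP port by each binding to a different address, a client connecting to either address reaches the listener bound to it, and a third daemon that insists on the wildcard address cannot join them. It assumes a Linux host, where the whole 127.0.0.0/8 range is on loopback, so 127.0.0.1 and 127.0.0.2 stand in for the regular and the alias address; the port is whatever the kernel hands out, so nothing has to be free on 6003.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Open a TCP listener bound to exactly one IPv4 address (no SO_REUSEADDR,
 * no wildcard). Port 0 lets the kernel pick a free port. On failure the
 * socket is closed and errno is preserved for the caller. */
static int listen_on(const char *ip, uint16_t port) {
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1 ||
        bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 ||
        listen(fd, 5) < 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

/* Connect to ip:port and report which listener the kernel handed the
 * connection to: 0 for listener a, 1 for listener b, -1 if neither. */
static int which_listener_accepts(const char *ip, uint16_t port, int a, int b) {
    struct sockaddr_in sa;
    struct pollfd pfd[2] = {{.fd = a, .events = POLLIN}, {.fd = b, .events = POLLIN}};
    int hit = -1;
    int c = socket(AF_INET, SOCK_STREAM, 0);
    if (c < 0)
        return -1;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    inet_pton(AF_INET, ip, &sa.sin_addr);
    if (connect(c, (struct sockaddr *)&sa, sizeof sa) == 0 && poll(pfd, 2, 1000) > 0) {
        if (pfd[0].revents & POLLIN) hit = 0;
        else if (pfd[1].revents & POLLIN) hit = 1;
    }
    if (hit >= 0) {                      /* drain the pending connection */
        int s = accept(hit == 0 ? a : b, NULL, NULL);
        if (s >= 0)
            close(s);
    }
    close(c);
    return hit;
}

struct demo_result {
    uint16_t port;        /* the shared TCP port */
    int a_gets_a;         /* 1 if 127.0.0.1:port reached listener a */
    int b_gets_b;         /* 1 if 127.0.0.2:port reached listener b */
    int wildcard_errno;   /* errno from a third, wildcard bind on that port */
};

/* Listener a stands in for the application (regular address 127.0.0.1),
 * listener b for the UPS client (alias address 127.0.0.2, constructed).
 * Returns 0 on success, or the number of the step that failed. */
int run_demo(struct demo_result *r) {
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    int a, b, w;
    memset(r, 0, sizeof *r);
    if ((a = listen_on("127.0.0.1", 0)) < 0)
        return 1;
    if (getsockname(a, (struct sockaddr *)&sa, &len) == 0)
        r->port = ntohs(sa.sin_port);
    if ((b = listen_on("127.0.0.2", r->port)) < 0) {   /* same port, other address */
        int saved = errno;
        close(a);
        errno = saved;
        return 2;
    }
    r->a_gets_a = which_listener_accepts("127.0.0.1", r->port, a, b) == 0;
    r->b_gets_b = which_listener_accepts("127.0.0.2", r->port, a, b) == 1;
    /* A daemon that insists on binding every address (the wildcard) cannot
     * share the port with either of them: bind() fails with EADDRINUSE. */
    w = listen_on("0.0.0.0", r->port);
    r->wildcard_errno = (w < 0) ? errno : 0;
    if (w >= 0)
        close(w);
    close(a);
    close(b);
    return 0;
}

int main(void) {
    struct demo_result r;
    int rc = run_demo(&r);
    if (rc != 0) {
        fprintf(stderr, "step %d failed: %s\n", rc, strerror(errno));
        return 1;
    }
    printf("port %u: 127.0.0.1 -> %s, 127.0.0.2 -> %s, wildcard bind: %s\n",
           (unsigned)r.port, r.a_gets_a ? "listener a" : "?",
           r.b_gets_b ? "listener b" : "?",
           r.wildcard_errno ? strerror(r.wildcard_errno) : "succeeded");
    return 0;
}
```

The last step is the caveat the reply makes: the scheme only works when both programs can be told which address to bind, because one that binds the wildcard on the shared port collides with both. On Solaris the alias address would be a logical interface such as bge0:1 rather than a second loopback address.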


The "right" way is to have a way to tell your application or
applications what address they should bind to. That is, if
you have a system with multiple IP addresses, it is perfectly
OK for one application to bind to, another
to, while a third binds to IN_ADDR_ANY:6003
(that is, a "wildcard" of sorts). Anything trying to connect
to the specific addresses gets the application listening on
that address, and anything else gets sent to the one listening
for any.

Of course, your application has to know to do this. Many don't
know how or do not give the user the means to control it; they
just always bind to IN_ADDR_ANY. In that case, there are a few
kludges available.

Like you said, doing NAT is available. Solaris 10 has IPFilter,
and it can be used to do this. Tell your backup application
to listen on 6007. Give the interface additional address
just for backup purposes. Then define a static NAT translation,

       rdr bge0 port 6003 -> port 6007 tcp

Where is the "extra" address and the second IP
is the "regular" address (although there is no reason the
second IP couldn't be the extra address too).

Another option with Solaris 10 is using zones. This could be
a pretty clean way to do it as long as you have the backup
program in the global zone. That would mean putting the other
application into a non-global zone, which may or may not be
acceptable. You could run the backup in the non-global zone,
but it may be pretty kludgy to get it to be able to see the
whole system and would definitely take some customizations
to the zone.
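The IPFilter redirect from the reply above, written out as a complete ipnat.conf fragment (an added example, not the poster's rule, whose addresses the archive stripped). The addresses are constructed RFC 5737 documentation values: 192.0.2.10 is assumed to be the regular address where the application keeps TCP 6003, 192.0.2.11 the alias added to bge0 just for the UPS client, which has been reconfigured to listen on TCP 6007.

```conf
# /etc/ipf/ipnat.conf (Solaris 10 IPFilter NAT rules; constructed example)
#
# The central UPS controller still talks to every server on TCP 6003.
# For this host it is pointed at the alias address 192.0.2.11 (assumed).
# Inbound connections on bge0 for 192.0.2.11:6003 are rewritten to
# 192.0.2.10:6007 (assumed), where the UPS client now listens.
# Connections to 192.0.2.10:6003 are untouched and reach the application.
rdr bge0 192.0.2.11/32 port 6003 -> 192.0.2.10 port 6007 tcp
```

After loading the rules (for example with `ipnat -CF -f /etc/ipf/ipnat.conf`), `ipnat -l` lists the active redirect, and `ipnat -s` shows whether it is being hit when the controller connects. The redirect is a per-packet rewrite, so it needs neither application to change how it binds; the price is that the UPS client's real port differs from the other 97 servers, which is worth recording for whoever audits listening ports later.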

On Tue, Jan 13, 2009 at 12:59 PM, sunhux G <> wrote:

> Hi,
> We have almost 100 servers that were recently installed with
> a UPS software that makes use of Tcp 6003.  Unfortunately
> for 3 of the servers, the application uses Tcp 6003, i.e. clashed.
> It's possible for the UPS client software to be configured to use
> another port, say Tcp 6007.  However, the central UPS controller
> that sends signals (when there's AC power failure) to servers to
> shut down the servers can only work with one single port, i.e. it
> can't selectively work with 97 servers on Tcp 6003 while the
> remaining 3 via Tcp 6007.
> Is there any way to work around this?  Any equivalent of port
> mapping (for Network Addr Translation??).  On a single NIC,
> we can define multiple addresses (alias) but can we have
> multiple applications listening on a common Tcp port?
> Thanks
> U
sunmanagers mailing list