Recent Posts
 
August 21, 2008, 08:53:36 PM


 1 
 on: Today at 06:47:24 PM 
Started by rein8 - Last post by rein8
I'm trying to update my AIX OpenBeta with fixpacks from AIX 6.1 and get the following error:

aix cannot load instsecattr
symbol resolution failed symbol __pthread (number 138) is not exported from dependent module libpthreads.a(shr_xpg5.o)

The command is used for storing hash data in a security database, which I don't really care about because it's a home development and learning machine.

Is there a way to get around this?


 2 
 on: Today at 04:36:36 PM 
Started by HRH_H_Crab - Last post by Michael
There are two ways to take care of this. (Actually three, see last comment, but I doubt it is useful for you).
1) Use the ASMI interface to reset the system LED
2) Use an HMC Service Tool to do the same. (I don't have access to an HMC right now, or I would give you the exact name of the Service Tool)

Note: Power Off/Power On does NOT reset the flashing System Indicator (HMC Warning) - only a Factory Reset, or one of the two methods above will stop the flashing.

 3 
 on: Today at 06:12:58 AM 
Started by Toth - Last post by Toth
Hi!
I want to filter just some ports, and don't want to change any others.
Thanks for your reply!
Toth

 4 
 on: Yesterday at 03:58:13 PM 
Started by HRH_H_Crab - Last post by HRH_H_Crab
We recently experienced an unplanned power outage in our data center and have had a few issues as a result.
Fortunately, as far as I can tell the only components of the system that were affected were the TSM tape library and the HMC, and perhaps a fiber channel switch connecting the tape library to the TSM server (which is extremely lucky).

I have halted and restarted TSM, which can now see the library and appears to be using it happily, so I'm pretty sure that that side of things is o.k.

In my HMC I can see a couple of exclamation mark warnings for each of the P570s.
I checked the SFP and there were a couple of issues: one referred to a communications fault between the service processors and the HMC (not surprising considering it lost power!) and the other was an error stating that too many fiber channel errors had been received (again not surprising as the tape library had lost power).

Now, I have closed both of those down in the SFP, but the yellow exclamation marks remain. Is it the case that I need to reboot the p570s before these are cleared down or is that wishful thinking?

Should I continue to look for problems and escalate to IBM as appropriate?

 5 
 on: August 19, 2008, 01:11:22 PM 
Started by Toth - Last post by Michael
Glad you got it working - especially using SMIT. I have only used SMIT for configuring the bos.net.ipsec filesets. Your command layout looks quite different from what I am used to.

On my server I have a layout looking like this:

lsfilt -v4 -O
1|permit|0.0.0.0|0.0.0.0|0.0.0.0|0.0.0.0|no|udp|eq|4001|eq|4001|both|both|no|all packets|0|all
2|*** Dynamic filter placement rule for IKE tunnels ***|no
3|permit|192.168.129.0|255.255.255.0|192.168.129.0|255.255.255.0|no|all|any|0|any|0|both|both|no|all packets|0|en0
4|permit|192.168.129.0|255.255.255.0|0.0.0.0|0.0.0.0|no|tcp/ack|any|0|any|0|local|outbound|no|all packets|0|en0
5|permit|0.0.0.0|0.0.0.0|192.168.129.0|255.255.255.128|no|tcp/ack|any|0|any|0|local|inbound|no|all packets|0|en0
6|permit|192.168.129.121|255.255.255.0|192.168.129.121|255.255.255.0|no|tcp|eq|22|any|0|both|both|no|all packets|0|en0
7|permit|192.168.129.121|255.255.255.128|192.168.129.121|255.255.255.128|no|tcp|any|0|eq|22|both|both|no|all packets|0|en0
8|permit|192.168.129.121|255.255.255.128|192.168.129.121|255.255.255.128|no|tcp|any|0|any|0|both|both|no|all packets|0|en0
9|permit|AAA.BBB.127.0|255.255.0.0|192.168.129.121|255.255.255.255|yes|tcp|gt|1023|eq|25|local|inbound|no|all packets|0|en0
10|permit|AAA.BBB.24.0|255.255.255.0|192.168.129.121|255.255.255.255|yes|tcp|gt|1023|eq|25|local|inbound|no|all packets|0|en0
11|permit|192.168.129.121|255.255.255.255|0.0.0.0|255.255.255.255|yes|tcp|eq|25|gt|1023|local|outbound|no|all packets|0|en0
12|permit|AAA.BBB.73.0|255.255.255.0|192.168.129.121|255.255.255.255|no|tcp|gt|1023|eq|25|local|inbound|no|all packets|0|en0
13|permit|AAA.BBB.202.28|255.255.255.255|0.0.0.0|0.0.0.0|no|tcp|gt|1023|eq|25|local|inbound|yes|all packets|0|en0
14|permit|AAA.BBB.175.114|255.255.255.255|192.168.129.121|255.255.255.255|no|tcp|gt|1023|eq|25|local|inbound|yes|all packets|0|en0
15|permit|AAA.BBB.29.65|255.255.255.192|192.168.129.121|255.255.255.255|no|tcp|any|0|eq|25|both|both|yes|all packets|0|en0
16|deny|0.0.0.0|0.0.0.0|0.0.0.0|0.0.0.0|no|tcp|any|0|eq|25|both|inbound|yes|all packets|0|all
17|permit|0.0.0.0|0.0.0.0|0.0.0.0|0.0.0.0|no|tcp/ack|any|0|any|0|local|outbound|no|all packets|0|en0
18|permit|0.0.0.0|0.0.0.0|0.0.0.0|0.0.0.0|no|tcp|any|0|any|0|local|inbound|yes|all packets|0|en0
19|permit|0.0.0.0|0.0.0.0|0.0.0.0|0.0.0.0|yes|all|any|0|any|0|both|both|no|all packets|0|en0
0|deny|0.0.0.0|0.0.0.0|0.0.0.0|0.0.0.0|yes|all|any|0|any|0|both|both|no|all packets|0|all


Rules 3-8 are for local traffic, 9-16 are for SMTP traffic I permit, 16 is actually my deny all rule - so I could log attempts, 17-18 were test rules for setting up inbound and outbound traffic, and rule 19 was to log all other traffic - so I could find traffic I wanted to permit, but was not being caught in an earlier rule.
Rule 0 is the 'official' default rule.

Besides ipfiltering (based on AIX bos.net.ipsec, not a package named ipfilter), I also use a tool of John's that monitors failed logins, etc. to dynamically add rules for improper activity, and optionally delete the rules after a certain delay.
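
Added example, not part of the post above: a short Python parser for `lsfilt -O` style records like the ones listed, reporting which rules name destination port 25, which of those do not log, and where the first catch-all deny sits. The column names are assumptions inferred from the 18-field layout of the output, and the sample is a subset of the lines in the post.

```python
# Column names are an assumption inferred from the 18-field records in the post.
FIELDS = ("rule", "action", "src", "src_mask", "dst", "dst_mask", "src_routing",
          "proto", "sport_op", "sport", "dport_op", "dport", "scope",
          "direction", "logging", "fragment", "tunnel", "interface")

# Constructed sample: a subset of the lsfilt -v4 -O lines shown in the post.
SAMPLE = """\
2|*** Dynamic filter placement rule for IKE tunnels ***|no
9|permit|AAA.BBB.127.0|255.255.0.0|192.168.129.121|255.255.255.255|yes|tcp|gt|1023|eq|25|local|inbound|no|all packets|0|en0
11|permit|192.168.129.121|255.255.255.255|0.0.0.0|255.255.255.255|yes|tcp|eq|25|gt|1023|local|outbound|no|all packets|0|en0
13|permit|AAA.BBB.202.28|255.255.255.255|0.0.0.0|0.0.0.0|no|tcp|gt|1023|eq|25|local|inbound|yes|all packets|0|en0
16|deny|0.0.0.0|0.0.0.0|0.0.0.0|0.0.0.0|no|tcp|any|0|eq|25|both|inbound|yes|all packets|0|all
0|deny|0.0.0.0|0.0.0.0|0.0.0.0|0.0.0.0|yes|all|any|0|any|0|both|both|no|all packets|0|all
"""

def parse_lsfilt(text):
    """Return rules in listed order; skip records that are not 18 fields
    (for example the dynamic IKE placement marker)."""
    rules = []
    for line in text.splitlines():
        parts = line.strip().split("|")
        if len(parts) == len(FIELDS):
            rules.append(dict(zip(FIELDS, parts)))
    return rules

def rules_naming_dport(rules, proto, port):
    """Rules whose destination-port test is 'eq <port>' for the protocol
    ('tcp/ack' is counted as tcp)."""
    return [r for r in rules
            if r["proto"].split("/")[0] == proto
            and r["dport_op"] == "eq" and r["dport"] == str(port)]

def unlogged(rules):
    """Rule numbers with logging off: matches leave no trace in the filter log."""
    return [r["rule"] for r in rules if r["logging"] != "yes"]

def first_catch_all_deny(rules):
    """First deny rule whose source and destination masks are both 0.0.0.0."""
    for r in rules:
        if r["action"] == "deny" and r["src_mask"] == r["dst_mask"] == "0.0.0.0":
            return r
    return None

if __name__ == "__main__":
    rules = parse_lsfilt(SAMPLE)
    smtp = rules_naming_dport(rules, "tcp", 25)
    print("rules naming tcp/25:", [r["rule"] for r in smtp])
    print("of those, not logging:", unlogged(smtp))
    print("first catch-all deny:", first_catch_all_deny(rules)["rule"])
```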

 6 
 on: August 19, 2008, 12:54:16 PM 
Started by MFITS - Last post by Michael
OK. Just checking - but I assume you mean the java based console session.

I do not know exactly which ports are being used, but I am told it is also using openssl in some way to keep the information encrypted (something the GUI console did not do, by default, prior to HMC v7.X).

The quickest workaround for now would be to have 'users' who need console access log in to the HMC and use the command vtmenu to select the managed system and partition you want a console to attach to.

Hope this at least resolves the short term problem.

 7 
 on: August 19, 2008, 09:59:53 AM 
Started by MFITS - Last post by MFITS
Hi,

We have a problem with opening Terminals on HMC 7.3.*

We have the following configuration.

workstation(Windows with Firefox:10.76.12.1) -> (en0:10.76.12.2)CSM server(en1:192.168.133.1) -> (eth0:192.168.133.2) HMC (eth1: 10.0.0.1) -> (SP1:10.0.0.254)
   
Now we tunnel the HMC(443) through PUTTY with an ssh tunnel,
HMC 443 ->csm -> workstation 443.

We can open up almost everything.
The ASM menu is working, DLPAR is working, and HMC configuration is all working.

But we aren't able to open a Terminal Window to an LPAR.

We tried forwarding ports 9735 (vtty) and 2302 (5250 terminal),
but this doesn't work either.

Is there another port we are forgetting, or is it not possible to tunnel the console?

Should we place the HMC in the 10.76.12 range as well to get this working?
This is not what we want because the HMC should not be available directly on the workstation LAN.

Hope you can help.

Greetings
Mark de Jong
M&F IT Solutions

 8 
 on: August 18, 2008, 06:15:32 AM 
Started by Toth - Last post by Toth
Hi!
I solved my problem. The working rules are in the rows below:
4   165    permit    remoteip   255.255.255.255   localip   255.255.255.255 y all any 0 eq    1414   all local both yes yes 0 no 0 patt_none
4   166    permit    remoteip   255.255.255.255   localip   255.255.255.255 y all any 0 eq    1415   all local both yes yes 0 no 0 patt_none
4   167   deny    0.0.0.0    0.0.0.0    localip   0.0.0.0 y all any 0 eq     1414   all both  both     yes yes 0 no 0 patt_none
4   168   deny    0.0.0.0    0.0.0.0    localip   0.0.0.0 y all any 0 eq     1415   all both  both     yes yes 0 no 0 patt_none

Thanks!
Toth

Yes, I installed ipfilter from the extension DVD, and use these menus:
smit/Communications Applications and Services/TCP/IP/Configure IP Security (IPv4)

 9 
 on: August 17, 2008, 03:12:59 PM 
Started by Toth - Last post by Michael
If it is only filtering, you could use bos.net.ipsec instead. However, if you need NAT functionality - I'll need to study as well.

p.s. I assume you mean ipfilter from the extension CD, or as a download.

 10 
 on: August 16, 2008, 05:59:45 AM 
Started by Toth - Last post by Toth
Hi!
I am trying to use ipfilter under AIX 5.3 TL6, but I don't understand the filter rules.
I want to filter the packets of one port.
First deny all packets to port number 1058 from all hosts, and allow connections from some hosts to 1058.
genfilt -v 4 -a P -s LOCALIP -m 255.255.255.255 -d REMOTEIP -M 255.255.255.255 -g Y-c all -o any -p 0 -O eq -P 1058 -r L -w O -l Y -f Y -i all
genfilt -v 4 -a D -s 0.0.0.0 -m 0.0.0.0 -d LOCALIP -M 0.0.0.0 -g Y -c any -o any -p 0 -O eq -P 1058 -r B -w B -l Y -f Y -i all

Please help me correct these rules!
Thanks!
Toth

Copyright 2001-2008 Michael Felt and ROOTVG.NET