aix 查看防火墙状态_aix防火墙怎么样设置

aix防火墙对我们来说是非常重要的，你会不会设置呢?下面由小编给你做出详细的aix防火墙设置方法介绍!希望对你有帮助!

aix防火墙设置方法一：

1. 使用smit命令打开图形化窗口进行系统配置

2. 选择以下子项开启或关闭防火墙Communications Applications and Services->Tcp IP->Configure Ip Security(IPv4)->Start/Stop IP Security->Start IP Security

3. 也可以使用以下子项对防火墙进行配置Communications Applications and Services->Tcp IP->Configure Ip Security(IPv4)->Start/Stop IP Security->Advantanced IP Security Configuration

aix防火墙设置方法二：

IPTRACE 可以看见防火墙上的网络通信状况，典型的命令格式如下： iptrace -d OUTSIDE_IP_ADDRESS -b /tmp/trace.out 其中 -d 参数后跟目标地址

-b 代表双向通信 要想看见网络的通信状况或发现故障的原因

做如下几步：

1. 运行 iptrace 命令 iptrace -d OUTSIDE_IP_ADDRESS -b /tmp/trace.out

2. 当故障发生时，杀掉 iptrace 进程。 用 "ps -ef|grep iptrace"命令来获得iptrace 的进程号。 然后用 "kill -9 PROCESS_ID" 命令来停止trace。

相关阅读：

aix网关查看方法

查看当前的默认网关

netstat -rn

会看到有多条的default.

如果用route命令(或smitty route)去删除，下次重启后，又会回来;所以要从ODM里删除。

2.查看ODM信息

# lsattr -El inet0

authm 65536 Authentication Methods True

bootup_option no Use BSD-style Network Configuration True

gateway Gateway True

hostname appserv1 Host Name True

rout6 IPv6 Route True

route net,-hopcount,0,,0,192.111.10.251 Route True

route net,-hopcount,0,,0,192.110.9.63 Route True

route net,-hopcount,0,,0,192.111.11.251 Route True

route net,-hopcount,0,,0,192.110.9.251 Route True

# odmget -q "name=inet0" CuAt

CuAt:

name = "inet0"

attribute = "hostname"

value = "host1"

type = "R"

generic = "DU"

rep = "s"

nls_index = 24

CuAt:

name = "inet0"

attribute = "route"

value = "net,-hopcount,0,,0,192.111.11.251"

type = "R"

generic = "DU"

rep = "s"

nls_index = 0

CuAt:

name = "inet0"

attribute = "route"

value = "net,-hopcount,0,,0,192.111.10.251"

type = "R"

generic = "DU"

rep = "s"

nls_index = 0

CuAt:

name = "inet0"

attribute = "route"

value = "net,-hopcount,0,,0,192.110.9.251"

type = "R"

generic = "DU"

rep = "s"

nls_index = 0

CuAt:

name = "inet0"

attribute = "route"

value = "net,-hopcount,0,,0,192.110.9.63"

type = "R"

generic = "DU"

rep = "s"

nls_index = 0

其中正确的应是192.110.9.63，其它都是多余的。

3.逐条删除没用的默认路由

# chdev -l inet0 -a delroute="net,-hopcount,0,,0,192.111.11.251"

Method error (/usr/lib/methods/chginet):

0514-068 Cause not known.

0821-279 writing to routing socket: The process does not exist.

0821-103 : The command /usr/sbin/route delete -net -hopcount 0 0 192.111.11.251 failed.

###删除其它(略)###

出现上面的报错信息，应该是AIX5.3的“误报”(至少在5300-08-01上是这样，AIX6不会)可以不用理会。

4.确认生效

# lsattr -El inet0

authm 65536 Authentication Methods True

bootup_option no Use BSD-style Network Configuration True

gateway Gateway True

hostname appserv1 Host Name True

rout6 IPv6 Route True

route net,-hopcount,0,,0,192.110.9.63 Route True

# odmget -q "name=inet0" CuAt

CuAt:

name = "inet0"

attribute = "hostname"

value = "appserv1"

type = "R"

generic = "DU"

rep = "s"

nls_index = 24

CuAt:

name = "inet0"

attribute = "route"

value = "net,-hopcount,0,,0,192.110.9.63"

type = "R"

generic = "DU"

rep = "s"

nls_index = 0

# netstat -rn

Routing tables

Destination Gateway Flags Refs Use If Exp Groups

Route Tree for Protocol Family 2 (Internet):

default 192.110.9.63 UG 1 286227 en0 - -

127/8 127.0.0.1 U 9 337 lo0 - -

192.110.9.0 192.110.9.21 UHSb 0 0 en0 - - =>

192.110.9/24 192.110.9.21 U 22 1151844 en0 - -

192.110.9.21 127.0.0.1 UGHS 2 5510 lo0 - -

192.110.9.255 192.110.9.21 UHSb 0 4 en0 - -

Route Tree for Protocol Family 24 (Internet v6):

看了“aix防火墙怎么样设置”文章