IPFilter with rdr entry on Solaris

From: Andreas Höschler (ahoesch_at_smartsoft.de)
Date: 01/30/04

  • Next message: Chris Hoogendyk: "saving disksuite info while rebuilding server"
    Date: Fri, 30 Jan 2004 19:06:55 +0100
    To: sunmanagers@sunmanagers.org
    
    

    Dear managers,

    I am referring to my earlier request with the subject "Forwarding with
    IPFilter on Solaris". I am trying to redirect requests to

            <external ip address of firewall server> port = 8080

    to a machine in the local subnet at port 80. From the FAQs and docs I
    learned that this is basic stuff and should only require the following
    additional lines:

    /etc/opt/ipf/ipf.conf:
    ===============
    pass in log quick on hme0 proto tcp from any to any port = 80 keep state

    /etc/opt/ipf/ipnat.conf:
    ==================
    rdr hme0 0.0.0.0/0 port 8080 -> 192.168.1.10 port 80

    hme0 is the external interface with a static ISP address. hme1 is the
    interface connected to the local subnet 192.168.1.0. I expected this to
    simply work after doing

            ipf -Fa -f /etc/opt/ipf/ipf.conf
            ipnat -v -CF -f /etc/opt/ipf/ipnat.conf

    However, it does not. The connection simply times out. I did "tail -f
    /var/log/fw.log" while trying to connect, but nothing is logged when I
    do

            telnet <external ip address of firewall> 8080

    I also upgraded from ip-fil3.4.27 to ip-fil3.4.33pre2, which made no
    difference. I am stuck. Has anybody got this working on Solaris 8
    SPARC? Any hints would be greatly appreciated.

    Thanks a lot!

    Regards,

        Andreas
    _______________________________________________
    sunmanagers mailing list
    sunmanagers@sunmanagers.org
    http://www.sunmanagers.org/mailman/listinfo/sunmanagers
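
Added example, not part of the original post: IPFilter applies an `rdr` translation to an inbound packet before the filter rules see it, so the `pass in` rule has to name the translated port (80), not the external one (8080). The Python sketch below checks that pairing for the two rule lines quoted in the message; the function names, the simplified rule grammar, and the treatment of an omitted `rdr` protocol as tcp are assumptions of this example.

```python
import re

# Constructed sample input: the two rule lines quoted in the post above.
IPF_CONF = "pass in log quick on hme0 proto tcp from any to any port = 80 keep state\n"
IPNAT_CONF = "rdr hme0 0.0.0.0/0 port 8080 -> 192.168.1.10 port 80\n"

# Simplified grammar: rdr <if> <dst>/<mask> port <n> -> <ip> port <n> [proto]
RDR_RE = re.compile(
    r"^rdr\s+(?P<ifname>\S+)\s+(?P<dst>\S+)\s+port\s+(?P<dport>\d+)\s+->\s+"
    r"(?P<to_ip>\S+)\s+port\s+(?P<to_port>\d+)(?:\s+(?P<proto>\S+))?\s*$")
# Simplified grammar: pass in [options] on <if> proto <p> from any to any port = <n>
PASS_RE = re.compile(
    r"^pass\s+in\b.*?\bon\s+(?P<ifname>\S+)\s+proto\s+(?P<proto>\S+)\s+"
    r"from\s+any\s+to\s+any\s+port\s*=\s*(?P<port>\d+)")


def parse_rules(text, pattern):
    """Return the regex groups of every non-comment line that matches pattern."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        match = pattern.match(line)
        if match:
            rules.append(match.groupdict())
    return rules


def check_rdr_coverage(ipf_text, ipnat_text):
    """For each rdr rule, report which port the inbound filter rules allow."""
    passes = parse_rules(ipf_text, PASS_RE)
    findings = []
    for rdr in parse_rules(ipnat_text, RDR_RE):
        proto = rdr["proto"] or "tcp"  # assumption: omitted protocol means tcp
        allowed = {p["port"] for p in passes
                   if p["ifname"] == rdr["ifname"]
                   and p["proto"] in (proto, "tcp/udp")}
        if rdr["to_port"] in allowed:
            status = "ok"                           # filter matches post-NAT port
        elif rdr["dport"] in allowed:
            status = "filter-matches-pre-nat-port"  # packet is already rewritten
        else:
            status = "no-pass-rule"
        findings.append((rdr["dport"], rdr["to_ip"], rdr["to_port"], status))
    return findings


if __name__ == "__main__":
    for finding in check_rdr_coverage(IPF_CONF, IPNAT_CONF):
        print(finding)
```

The check covers only the port pairing between the two files and says nothing about routing, the outbound rules on hme1, or where the test connection originates.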

