Summary: IPFilter with rdr entry on Solaris

• Previous message: Chris Hoogendyk: "saving disksuite info while rebuilding server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Fri, 30 Jan 2004 20:14:29 +0100
To: sunmanagers@sunmanagers.org

Hi all,

I would like to summarize the results of my research. It turned out
that my ipf and nat files were correctly configured. However, it seems
to be pretty important that the target machine - the one the data is
forwarded to - has the firewall set as its default gateway. After
making a corresponding entry in /etc/defaultrouter on this machine it
started working.

Regards,

    Andreas

>> I am referring to my earlier request with the subject "Forwarding with
>> IPFilter on Solaris". I am trying to redirect requests to
>>
>> <external ip address of firewall server> port = 8080
>>
>> to a machine in the local subnet at port 80. From the FAQs and docs I
>> learned that this is basic stuff and should only require the following
>> additional lines:
>>
>> /etc/opt/ipf/ipf.conf:
>> ===============
>> pass in log quick on hme0 proto tcp from any to any port = 80 keep
>> state
>>
>> /etc/opt/ipf/ipnat.conf:
>> ==================
>> rdr hme0 0.0.0.0/0 port 8080 -> 192.168.1.10 port 80
>>
>> hme0 is the external interface with a static ISP address. hme1 is the
>> interface connected to the local subnet 192.168.1.0. I expected this
>> to
>> simply work after doing
>>
>> ipf -Fa -f /etc/opt/ipf/ipf.conf
>> ipnat -v -CF -f /etc/opt/ipf/ipnat.conf
>>
>> However, it does not. The connection simply times out. I did "tail -f
>> /var/log/fw.log" while trying to connect, but nothing is logged when I
>> do
>>
>> telnet <external ip address of firewall> 8080
>>
>> I also upgraded from ip-fil3.4.27 to ip-fil3.4.33pre2 which made no
>> difference. I am stuck. Has anybody got this working on Solaris 8
>> Sparc? Any hints would be greatly appreciated.
>>
>> Thanks a lot!
>>
>> Regards,
>>
>> Andreas
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

• Previous message: Chris Hoogendyk: "saving disksuite info while rebuilding server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages RE : ipf and NIS ... 2049, thus improving firewall support. ... Best regards, ... Objet: **SPAM** ipf and NIS ... The object is to restrict access with the ipf firewall. ... (Focus-SUN) RE: ERROR 403.6 WHEN TRYING TO SET UP A CLIENT ... Regards. ... >Opened IIS Manager ... >the address range of the local subnet is included. ... Directory Security tab. ... (microsoft.public.windows.server.sbs) blocking yahoo messenger ... how can I block yahoo messenger using ipf? ... Regards, ... Imran Imtiaz ... Prev by Date: ... (freebsd-questions) Re: ipf ... Subject: ipf ... Derkjan ... To unsubscribe, ... (freebsd-stable) RE: RE : ipf and NIS ... The OP is asking about NIS not NFSv4:) ... Best regards, ... Objet: **SPAM** ipf and NIS ... (Focus-SUN)