Summary: IPFilter with rdr entry on Solaris

From: Andreas Höschler (ahoesch_at_smartsoft.de)
Date: 01/30/04

    Date: Fri, 30 Jan 2004 20:14:29 +0100
    To: sunmanagers@sunmanagers.org
    
    

    Hi all,

    I would like to summarize the results of my research. It turned out
    that my ipf and nat files were correctly configured. However, it seems
    to be pretty important that the target machine - the one the data is
    forwarded to - has the firewall set as its default gateway. After
    making a corresponding entry in /etc/defaultrouter on this machine it
    started working.

    Regards,

        Andreas

    >> I am referring to my earlier request with the subject "Forwarding with
    >> IPFilter on Solaris". I am trying to redirect requests to
    >>
    >> <external ip address of firewall server> port = 8080
    >>
    >> to a machine in the local subnet at port 80. From the FAQs and docs I
    >> learned that this is basic stuff and should only require the following
    >> additional lines:
    >>
    >> /etc/opt/ipf/ipf.conf:
    >> ===============
    >> pass in log quick on hme0 proto tcp from any to any port = 80 keep state
    >>
    >> /etc/opt/ipf/ipnat.conf:
    >> ==================
    >> rdr hme0 0.0.0.0/0 port 8080 -> 192.168.1.10 port 80
    >>
    >> hme0 is the external interface with a static ISP address. hme1 is the
    >> interface connected to the local subnet 192.168.1.0. I expected this
    >> to simply work after doing
    >>
    >> ipf -Fa -f /etc/opt/ipf/ipf.conf
    >> ipnat -v -CF -f /etc/opt/ipf/ipnat.conf
    >>
    >> However, it does not. The connection simply times out. I did "tail -f
    >> /var/log/fw.log" while trying to connect, but nothing is logged when I do
    >>
    >> telnet <external ip address of firewall> 8080
    >>
    >> I also upgraded from ip-fil3.4.27 to ip-fil3.4.33pre2 which made no
    >> difference. I am stuck. Has anybody got this working on Solaris 8
    >> Sparc? Any hints would be greatly appreciated.
    >>
    >> Thanks a lot!
    >>
    >> Regards,
    >>
    >> Andreas
    _______________________________________________
    sunmanagers mailing list
    sunmanagers@sunmanagers.org
    http://www.sunmanagers.org/mailman/listinfo/sunmanagers
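
Added example, not part of the original post: a small Python model of one SYN / SYN-ACK exchange through the rdr rule above, showing why the reply only reaches the client correctly when the target's default route points at the firewall. The firewall addresses, client address, client port and the second gateway are constructed placeholders; only 192.168.1.10 and ports 8080/80 come from the post.

```python
import ipaddress
from typing import NamedTuple

class Pkt(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

# Constructed addresses; only 192.168.1.10 and ports 8080/80 are from the post.
FW_EXT, FW_INT = "203.0.113.1", "192.168.1.1"   # hme0 / hme1 (assumed)
SERVER, CLIENT = "192.168.1.10", "198.51.100.7"
OTHER_GW = "192.168.1.254"                       # hypothetical second router
LAN = ("192.168.1.0/24", "on-link")

def rdr_in(pkt, nat):
    """Models: rdr hme0 0.0.0.0/0 port 8080 -> 192.168.1.10 port 80"""
    if (pkt.dst, pkt.dport) != (FW_EXT, 8080):
        return None
    nat[(pkt.src, pkt.sport)] = (pkt.dst, pkt.dport)  # remember original target
    return pkt._replace(dst=SERVER, dport=80)

def rdr_out(pkt, nat):
    """Reply crossing the firewall: restore the original address as source."""
    orig = nat.get((pkt.dst, pkt.dport))
    return pkt._replace(src=orig[0], sport=orig[1]) if orig else pkt

def next_hop(routes, dst):
    """Longest-prefix match: returns a gateway, 'on-link', or None (no route)."""
    ip = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(n), gw) for n, gw in routes
            if ip in ipaddress.ip_network(n)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def connect(server_routes):
    """Trace one SYN / SYN-ACK and report what the client observes."""
    nat = {}
    syn = Pkt(CLIENT, 40000, FW_EXT, 8080)
    fwd = rdr_in(syn, nat)                              # destination rewritten
    reply = Pkt(fwd.dst, fwd.dport, fwd.src, fwd.sport)  # server answers client
    hop = next_hop(server_routes, reply.dst)
    if hop is None:
        return "timeout: server has no route back to the client"
    if hop == FW_INT:
        reply = rdr_out(reply, nat)                     # NAT state fixes source
    if (reply.src, reply.sport) == (syn.dst, syn.dport):
        return "established"
    return "timeout: reply bypassed the firewall, source is %s:%d" % reply[:2]

if __name__ == "__main__":
    for gw in (None, OTHER_GW, FW_INT):
        routes = [LAN] + ([("0.0.0.0/0", gw)] if gw else [])
        print("default route via", gw, "->", connect(routes))
```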

