Re: Simple NAT setup



Rich Teer wrote:
On Wed, 31 Jan 2007, "Thommy M. Malmström" wrote:

bigblue# cat /etc/ipf/ipnat.conf
map nge0 10.0.0.0/24 -> 0/32 proxy port ftp ftp/tcp
map nge0 10.0.0.0/24 -> 0/32 portmap tcp/udp auto
map nge0 10.0.0.0/24 -> 0/32

That looks OK, on the assumption that you're not running any
services that you want to be available from outside (like a
mail or web server).

Not yet...

bigblue# cat /etc/ipf/ipf.conf
#
# ipf.conf
#
# IP Filter rules to be loaded during startup
#
# See ipf(4) manpage for more information on
# IP Filter rules syntax.
pass in quick on tu0 from 192.168.0.0/24 to any keep state

My /etc/ipf/ipf.conf file unchanged from the default, although
that might not be optimal. :-)

This I picked up from here
http://www.mail-archive.com/ipfilter@xxxxxxxxxxxxxxxxx/msg06963.html


bigblue# routeadm
              Configuration   Current              Current
                     Option   Configuration        System State
---------------------------------------------------------------
            IPv4 forwarding   enabled              enabled

OK.

[...]

QUESTION: What do I need to do on my inside machine 10.0.0.2 to access
Internet?

Have you enabled your port types in /etc/ipf/pfil.ap? The appropriate
entries need to be uncommented (or added) and the ipf service restarted.

Only for the "outbound", i.e. nge. Should tu be there too?

So, Rich, can't you make an easy sketch of your config for us dummies to
follow?

Apart from my pfil.ap and ipf.conf, my set up is essentially the same
as yours. Here's a diagram of my network:


                        +----------------------------+    +--------------------+
       +-----------+    |      Sun Netra T1 105      |    |   Netgear GS516T   |
ISP----|cable modem|----|hme1     gatekeeper     hme0|----| 16 port GBE switch |
       +-----------+    |24.xx.xx.xx    192.168.0.254|    |                    |
                        +----------------------------+    +--------------------+
                                                             |    |    |    |
                                                           E220R U20  SB1K ...
                                                          Server  Workstations


Gatekeeper is currently running S10 3/05; an upgrade to S10 11/06 is imminent.

Thanks Rich for your prompt answer. Will try to add tu in pfil.ap when at office again...
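
The following consistency check is an added example, not part of the original post or of IP Filter itself. It cross-checks the three files discussed in the thread and flags filter or NAT rules that name an interface whose driver is not enabled in pfil.ap, and pass rules whose source network matches no NATed network. The file contents are constructed from the thread; the pfil.ap line format and the `audit` and `driver` helper names are assumptions.

```python
import ipaddress
import re

# Constructed sample files modelled on the thread (pfil.ap line format is an assumption).
IPNAT_CONF = """\
map nge0 10.0.0.0/24 -> 0/32 proxy port ftp ftp/tcp
map nge0 10.0.0.0/24 -> 0/32 portmap tcp/udp auto
map nge0 10.0.0.0/24 -> 0/32
"""
IPF_CONF = """\
# IP Filter rules to be loaded during startup
pass in quick on tu0 from 192.168.0.0/24 to any keep state
"""
PFIL_AP = """\
#hme\t-1\t0\tpfil
nge\t-1\t0\tpfil
#tu\t-1\t0\tpfil
"""

def driver(ifname):
    """Strip the instance number: 'nge0' -> 'nge'."""
    return re.sub(r"\d+$", "", ifname)

def audit(ipnat_conf, ipf_conf, pfil_ap):
    """Return a list of warnings about inconsistencies between the three files."""
    findings = []
    # Drivers whose pfil.ap entry is uncommented, i.e. pfil is pushed on them.
    enabled = {l.split()[0] for l in pfil_ap.splitlines()
               if l.strip() and not l.lstrip().startswith("#")}
    nat = re.findall(r"^map\s+(\S+)\s+(\S+)\s+->", ipnat_conf, re.M)
    inside = {ipaddress.ip_network(net) for _, net in nat}
    rules = re.findall(r"^pass\s+in\b.*?\bon\s+(\S+)\s+from\s+(\S+)", ipf_conf, re.M)
    # A rule on an interface without pfil never sees that interface's packets.
    for ifname in sorted({i for i, _ in nat} | {i for i, _ in rules}):
        if driver(ifname) not in enabled:
            findings.append(f"{ifname}: driver '{driver(ifname)}' not enabled in pfil.ap")
    # Heuristic: a 'pass in ... from NET' rule should cover a network that is NATed.
    for ifname, src in rules:
        if src != "any" and not any(ipaddress.ip_network(src).overlaps(n) for n in inside):
            findings.append(f"{ifname}: pass rule source {src} matches no mapped network")
    return findings

if __name__ == "__main__":
    for line in audit(IPNAT_CONF, IPF_CONF, PFIL_AP):
        print("WARN", line)
```
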