List:       ipfilter
Subject:    Re: Ipfilter 3.4.31 IPNAT on 64 bit Solaris 9 on an Ultra 2
From:       morgan henning <morgan () write-way ! com>
Date:       2003-02-25 18:47:18

There was some comment a while back about not applying some of the newer
kernel patches (112233-02?).  What patches do you have installed?  The
actual comment in the FAQ is something about random crashes with ipf and
the new kernel patches (112233-02 and later).  Maybe this is biting you?

--Morgan

---------- Forwarded message ----------
Date: Tue, 25 Feb 2003 10:42:28 +0100 (CET)
From: ha10415 <hans.albertsson@branneriet.se>
To: ipfilter@coombs.anu.edu.au
Subject: Ipfilter 3.4.31 IPNAT on 64 bit Solaris 9 on an Ultra 2

Dear IPFilter experts!

I need some suggestions for what to do to get ipnat on 64 bit Solaris 9 to work.

I have no luck getting NAT to run at all.

I picked up the package from http://www.x-y.ca/~bruno/ (for the 31-version)
and installed ipfx then ipf.

I tried both with and without a special 64 bit ipfboot script found on
www.cites.uiuc.edu/wsg/talks/ipfilter/.


Some ipfilter actions take place, but I can't make the NAT rules work.


Network layout is this

<Tiny PC>192.168.1.2<-->192.168.1.1<hme1:Sparc Ultra2 Sol9:hme0>10.0.20.4<ISP>


I.e. my ISP provides a NATed network on 10.0.0.0/16, and my address is 10.0.20.4.
I connect my hme0 to my ISP.
I connect my hme1 to a small 192.168.1.0/24 network, with but two fixed
addresses. I try to NAT that "local" network onto my ISP-provided address.


My ipnat.conf says

map hme0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp
map hme0 192.168.1.0/24 -> 0/32 portmap tcp/udp 10000:40000
map hme0 192.168.1.0/24 -> 0/32


/usr/sbin/sparcv9/ipnat -lv says

List of active MAP/Redirect filters:
map hme0 192.168.1.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map hme0 192.168.1.0/24 -> 0.0.0.0/32 portmap tcp/udp 10000:40000
map hme0 192.168.1.0/24 -> 0.0.0.0/32

List of active sessions:

List of active host mappings:



NOTE: the "list of active sessions" and mappings are empty, in spite of a
session being active from 192.168.1.2 to another machine 10.0.20.2.

I can see on the external network that the packets that get sent out on hme0 do
NOT get their source addresses rewritten, i.e. they still seem to come from
192.168.1.2.

What's wrong? Any suggestions at all?

Hans J. Albertsson, Reimersholmsgatan 63
