[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Re: solaris and ipfilter/ipnat issue
From:       Peter Charpentier <Peter.Charpentier () chappe ! net>
Date:       2005-12-27 16:39:48
Message-ID: 43B16E54.5040903 () chappe ! net
[Download RAW message or body]

Have you enabled ipforwarding?

ndd -set /dev/ip ip_forwarding 1

Here is my NAT rule that I use to NAT all traffic from my private 
network back to the public.

map rtls1 192.168.1.0/24 -> 0.0.0.0/32 portmap tcp/udp auto
map rtls1 192.168.1.0/24 -> 0/32 proxy port 21 ftp/tcp
map rtls1 192.168.1.0/24 -> 0.0.0.0/32

Which means that anything coming from 192.168.1.0, then send it to rtls1 
(WAN interface)

HTH,
Peter

J.D. Bronson wrote:
> I am coming from 'pf' under OpenBSD and trying to use IPFilter
> on Solaris 10. I think I have enough basic knowledge to do this.
> 
> I was quite able to remove the old IPFilter within solaris 10 and 
> install the newest version without any apparent issues.
> 
> I have a basic setup, but NAT is not working and I am not sure it -can- 
> work as I need it to. I need to know the best way to setup my scenario 
> using ipfilter....
> 
> I did enable ip forwarding and its ON.
> 
> Here are the details:
> 
> I have a T-1 from my ISP and it has several IPs on it.
> 
> I have the T-1 Module plugged into my Solaris box on:
> WAN is on 'bge0'.
> LAN is on 'bge1'.
> 
> I dont want ANY live WAN IPs to be anywhere but within the solaris box.
> 
> (netmask is 255.255.255.248) 29bits.
> 
> (modem is 207.227.112.1)
> 
> So, I setup bge0 as 207.227.112.6
> and then bge0:1 as 207.227.112.2
> and then bge0:1 as 207.227.112.3
> and so on...
> 
> Then I setup ipnat.conf as:
> 
> # ipnat -l
> List of active MAP/Redirect filters:
> bimap bge0 192.168.1.2/32 -> 207.227.112.2/32
> bimap bge0 192.168.1.3/32 -> 207.227.112.3/32
> bimap bge0 192.168.1.4/32 -> 207.227.112.4/32
> bimap bge0 192.168.1.5/32 -> 207.227.112.5/32
> map bge0 192.168.1.0/24 -> 207.227.112.6/32 portmap tcp/udp auto
> map bge0 192.168.1.0/24 -> 207.227.112.6/32
> 
> basically, creating (4) 1-to-1 mapped machines
> and then 1 WAN IP to handle outbound 'client' traffic.
> 
> My ipf.conf was trivial:
> 
> # Pass traffic from WAN and keep state
> pass in quick on bge0 all
> pass in quick on bge1 all
> pass out quick on bge0 all
> pass out quick on bge1 all
> 
> 
> 
> I can telnet into or out of the ipfilter router just fine.
> 
> But any traffic to ANY of the 'alias' interface IPs on bge0 do not work.
> Nothing goes in or out.
> 
> This simply has to work somehow, but most of the examples on the net 
> show people using sppp0 or tun0.
> 
> I dont have any of that PPP stuff to worry about here.
> Any thoughts?
[prev in list] [next in list] [prev in thread] [next in thread]