List:       ipfilter
Subject:    Re: Ipnat from a localhost
From:       "admin () cos ! ru" <admin () cos ! ru>
Date:       2007-09-07 12:22:20
Message-ID: 46E1427C.60408 () cos ! ru

Hello, Mark.

If you're limited in hardware but intend on using Solaris + IPF as a NAT
firewall server, and if extreme performance is not an issue, try virtual
machines.

I have used a VMware virtual Solaris machine as a firewall in one project
(where several servers were colocated on one box). It works fine, with VLANs
and stuff as well.

Considering that the customer's internet uplink is an ADSL connection, any
overhead of virtual machinery, albeit considerable, is invisible - as far as
a performance impact goes.

Mark.Barnes@FT.com wrote:
>
> Thank you Hans, I feared as much - time to look for a different solution I
> guess.....
> cheers
> 
> ********************************************
> Mark Barnes
> Financial Times
> 020 7873 3909
> ********************************************
>
> > Hans Werner Strube <strube@physik3.gwdg.de>
> > Sent by: owner-ipfilter@coombs.anu.edu.au
> > 15/08/2007 09:54
> > To: ipfilter@cairo.anu.edu.au
> > Subject: Re: Ipnat from a localhost
>
> Mark.Barnes@ft.com wrote:
> 
> > I have one host, let's say it has an address of 10.117.204.45, and I need to
> > access another host with an address of 10.95.101.145
> > The host 10.95.101.145 can only be accessed by 10.117.204.45 through a
> > natted address 10.118.93.145
> >
> > However I want my applications to use the proper address not the natted one
> ....
>
> > I put in ipnat.conf on host 10.117.204.45
> >
> > rdr fjqe0 10.95.101.145/32 port 9092 -> 10.118.93.145 port 9092
> >
>
> AFAIK, there is no way to do what you want with a single machine, since
> "rdr" acts on the target address of incoming connections (before filtering),
> whereas "map" acts on the source address of outgoing connections (after
> filtering) and "bimap" does both.
> You would need a second firewall machine with two interfaces, then apply
> the same rdr rule on the interface connected to your host 10.117.204.45.
> The firewall machine must be configured as a router from 10.117.204.0/24
> to 10.95.101.145 and recognized as such by your host.

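The behaviour described in the quoted reply above, as an added example that is not part of the original thread and not IPFilter's own code: a small Python model in which `rdr` is consulted only when a packet arrives on an interface, run once for the single-host setup and once for the two-interface firewall. The interface names `fw_in0` and `fw_out0` and the sample packet are assumptions, and the hook model is a simplification of what the reply states.

```python
import ipaddress
import re
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

# Only the rule shape quoted in the thread is parsed.
RDR_RE = re.compile(r"rdr\s+(\S+)\s+(\S+)\s+port\s+(\d+)\s+->\s+(\S+)\s+port\s+(\d+)")

def parse_rdr(line):
    m = RDR_RE.fullmatch(line.strip())
    if not m:
        raise ValueError(f"unsupported rule: {line!r}")
    ifname, net, mport, target, tport = m.groups()
    return ifname, ipaddress.ip_network(net), int(mport), target, int(tport)

def traverse(pkt, hooks, rules):
    """Pass pkt through the (direction, interface) hooks of one machine."""
    for direction, ifname in hooks:
        if direction != "in":
            continue  # per the reply: rdr acts on incoming packets only
        for r_if, net, mport, target, tport in rules:
            if r_if == ifname and ipaddress.ip_address(pkt.dst) in net and pkt.dport == mport:
                pkt = replace(pkt, dst=target, dport=tport)
                break
    return pkt

RULE = "rdr fjqe0 10.95.101.145/32 port 9092 -> 10.118.93.145 port 9092"
PKT = Packet("10.117.204.45", "10.95.101.145", 9092)  # constructed sample packet

def single_host():
    # Locally generated traffic only leaves via fjqe0; it never arrives on it.
    return traverse(PKT, [("out", "fjqe0")], [parse_rdr(RULE)])

def via_firewall():
    # Same rule, bound to the hypothetical host-facing interface fw_in0.
    rule = parse_rdr(RULE.replace("fjqe0", "fw_in0"))
    return traverse(PKT, [("in", "fw_in0"), ("out", "fw_out0")], [rule])

if __name__ == "__main__":
    print("single host :", single_host())
    print("via firewall:", via_firewall())
```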
