Hi folks - new to ipfilters and trying to do some natting with it.

I naively believed what I was attempting to do would be fairly simple;
having spent two days and trawled through howtos and mail archives, it turns
out it is not.

I have one host, let's say it has an address of 10.117.204.45, and I need to
access another host with an address of 10.95.101.145.
The host 10.95.101.145 can only be accessed by 10.117.204.45 through a
natted address, 10.118.93.145.
However, I want my applications to use the proper address, not the natted one
(for various reasons that I won't bore you with). In addition, using a
different DNS server and service names is not an option for these
applications.

So I put in ipnat.conf on host 10.117.204.45:
rdr fjqe0 10.95.101.145/32 port 9092 -> 10.118.93.145 port 9092
All seems good from an ipnat -lv:
[EMAIL PROTECTED]:/etc/opt/ipf> ipnat -lv
List of active MAP/Redirect filters:
rdr fjqe0 10.95.101.145/32 port 9092 -> 10.118.93.145 port 9092 tcp
List of active sessions:
List of active host mappings:
So I thought that if I then ran
telnet 10.95.101.145 9092 on host 10.117.204.45 I would magically go to
10.118.93.145 and all would be good.

This does not work, and I do not know why. I do not have any of the
filtering/firewall functionality of ipfilters turned on. Do I need to set
something to say use this rule on outgoing traffic?
I have tried different syntax and using bimap, to no avail.

Some additional info below:
[EMAIL PROTECTED]:/etc/opt/ipf> ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
fjqe0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 10.117.204.45 netmask ffffff00 broadcast 10.117.204.255
ether 0:0:e:25:35:e0
[EMAIL PROTECTED]:/etc/opt/ipf> ipf -V
ipf: IP Filter: v3.4.20 (304)
Kernel: IP Filter: v3.4.20
Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 1
[EMAIL PROTECTED]:/etc/opt/ipf> isainfo -vk
64-bit sparcv9 kernel modules
[EMAIL PROTECTED]:/etc/opt/ipf> uname -a
SunOS ftaps02-uppr-uk-t 5.8 Generic_117350-39 sun4us sparc FJSV,GPUZC-L
[EMAIL PROTECTED]:/etc/opt/ipf> netstat -s -P ip
IPv4 ipForwarding = 1 ipDefaultTTL = 255
ipInReceives =250784501 ipInHdrErrors = 0
ipInAddrErrors = 0 ipInCksumErrs = 0
ipForwDatagrams = 0 ipForwProhibits = 0
ipInUnknownProtos = 0 ipInDiscards = 0
ipInDelivers =451909736 ipOutRequests =322196392
ipOutDiscards = 0 ipOutNoRoutes = 0
ipReasmTimeout = 60 ipReasmReqds = 0
ipReasmOKs = 0 ipReasmFails = 0
ipReasmDuplicates = 0 ipReasmPartDups = 0
ipFragOKs = 0 ipFragFails = 0
ipFragCreates = 0 ipRoutingDiscards = 0
tcpInErrs = 0 udpNoPorts =593323
udpInCksumErrs = 0 udpInOverflows = 0
rawipInOverflows = 0 ipsecInSucceeded = 0
ipsecInFailed = 0 ipInIPv6 = 0
ipOutIPv6 = 0 ipOutSwitchIPv6 = 17
[EMAIL PROTECTED]:/etc/opt/ipf> ipfstat -io
pass out quick on lo0 from any to any
pass out quick on fjqe0 from any to any
pass out quick on fjqe1 from any to any
pass out quick on fjqe3 from any to any
pass in quick on lo0 from any to any
pass in quick on fjqe0 from any to any
pass in quick on fjqe1 from any to any
pass in quick on fjqe3 from any to any
[EMAIL PROTECTED]:/etc/opt/ipf>
********************************************
Mark Barnes
Financial Times
020 7873 3909
********************************************