Hello, Mark.
If you're limited in hardware but intend on using Solaris + IPF as a NAT firewall server, and if extreme performance is not an issue, try virtual machines.
I have used a VMware virtual Solaris machine as a firewall in one project (where several servers were colocated on one box). It works fine, with VLANs and stuff as well.
Considering that the customer's internet uplink is an ADSL connection, any overhead of virtual machinery, albeit considerable, is invisible - as far as a performance impact goes.
[EMAIL PROTECTED] wrote:
Thank you Hans, I feared as much - time to look for a different solution I guess.....
cheers
********************************************
Mark Barnes
Financial Times
020 7873 3909
********************************************
From: Hans Werner Strube <[EMAIL PROTECTED]de>
Sent by: [EMAIL PROTECTED].anu.edu.au
Date: 15/08/2007 09:54
To: [email protected]
cc:
Subject: Re: Ipnat from a localhost
[EMAIL PROTECTED] wrote:
I have one host, let's say it has an address of 10.117.204.45, and I need to access another host with an address of 10.95.101.145
The host 10.95.101.145 can only be accessed by 10.117.204.45 through a natted address 10.118.93.145
However I want my applications to use the proper address not the natted one
....
I put in ipnat.conf on host 10.117.204.45
rdr fjqe0 10.95.101.145/32 port 9092 -> 10.118.93.145 port 9092
AFAIK, there is no way to do what you want with a single machine, since "rdr" acts on the target address of incoming connections (before filtering), whereas "map" acts on the source address of outgoing connections (after filtering) and "bimap" does both.
You would need a second firewall machine with two interfaces, then apply the same rdr rule on the interface connected to your host 10.117.204.45.
The firewall machine must be configured as a router from 10.117.204.0/24 to 10.95.101.145 and recognized as such by your host.