Terry,

Briefly stated, IP Filter rules cannot be set for logical interfaces. You must use the associated physical interface. A logical interface exists only at the IP layer. If you set a rule for a physical interface, IP Filter will see packets destined to all logical interfaces on that physical interface and will NAT/filter all of them. Note that you can set up rules for a virtual (VLAN) interface, for example ce1000. If for some reason setting up the rule for the physical interface does not work for you, then let us know what you are trying to do and hopefully we can come up with a solution.
- Ashwani

On Wed, May 13, 2009 at 9:48 PM, Terry Dawson <[email protected]> wrote:
>
> Hello,
> I'm not terribly experienced with ipfilter, or Solaris for that matter,
> and have a problem for which I've been unable to find a solution using
> my usual resources (FAQ, google web, google groups, google some more).
>
> I'm trying to configure an rdr rule for packets received on a virtual
> interface (ce0:1), but the ipnat command fails, complaining about the
> interface name. This appears to be valid because the grammar provided in
> the ipnat.conf man page suggests ifname must match:
> [a-zA-Z][a-zA-Z]*[0-9]. Clearly virtual interface names don't.
>
> ipnat.conf:
> #
> rdr ce0:1 0.0.0.0/0 port 3891 -> 127.0.0.1 port 389
>
> # ipnat -f /etc/ipf/ipnat.conf
> syntax error error at ":", line 2
>
> What am I doing wrong? Is there something else I should be doing?
>
> regards
> Terry
>
> ---
> Terry Dawson
> Solution Architect, Elanti Systems Inc.
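As an added illustration (not part of either message), here is Terry's ipnat.conf rewritten the way Ashwani describes. The address 192.0.2.11 is a made-up placeholder for whatever address is plumbed on ce0:1; substitute the real one.

```conf
# Added example, not from the original thread.
# 192.0.2.11 is a placeholder for the address configured on ce0:1.

# Rejected by ipnat: the interface name must match [a-zA-Z][a-zA-Z]*[0-9],
# so a logical interface name like ce0:1 is a syntax error.
# rdr ce0:1 0.0.0.0/0 port 3891 -> 127.0.0.1 port 389

# Accepted, but it matches port 3891 on every address plumbed on ce0
# (ce0, ce0:1, ce0:2, ...), because IP Filter sees the whole physical
# interface. Use this only if that is what you want.
# rdr ce0 0.0.0.0/0 port 3891 -> 127.0.0.1 port 389

# Accepted, and limited to the logical interface: since ce0:1 exists only
# at the IP layer, match the address it carries rather than its name.
rdr ce0 192.0.2.11/32 port 3891 -> 127.0.0.1 port 389
```

Running ipnat -n -f /etc/ipf/ipnat.conf parses the file without changing the running kernel, which is a convenient way to check the syntax before loading it.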
