On Wed, May 13, 2009 at 11:46 PM, Terry Dawson <[email protected]> wrote:
> Unfortunately using:
> rdr ce0 0.0.0.0/0 port 3891 -> 127.0.0.1 port 389
> doesn't work.
>
> When we attempt to connect to the virtual interface ce0:1 packets are
> swallowed. The connection isn't refused, no association is returned in:
> ipnat -l
> and there is certainly no response.

I am not sure I understand - so you are trying to connect to IP-of-ce0:1/port-3891 and you see that packets are swallowed? I have personally never redirected traffic on a physical interface to a loopback interface so I am not sure if it works, but that might be causing this issue.

> We're simply trying to provide a user-transparent means of switching between
> two LDAP directory instances. We figured port redirection would serve us
> well and indeed, in our testing it did.
>
> On our production machine we've been given a virtual interface to work with
> and we've encountered this problem.

Does your LDAP server only listen on the loopback IP? If you can make your LDAP server listen on the logical IP address (of ce0:1) then the following rule should work without affecting any other traffic:

rdr ce0 from any to any port = 3891 -> <IP of ce0:1> port 389 tcp

Ashwani
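The two rules under discussion side by side, as an added ipnat.conf fragment that is not part of the thread: the loopback-target rule Terry reported as swallowing packets, commented out, and the logical-IP rule Ashwani suggests. The address 192.0.2.10 is a constructed stand-in for the IP of ce0:1, and the check commands in the comments are the ones a practitioner would run before and after loading the rule (the server must actually be listening on that logical IP, otherwise the redirected SYN has nothing to reach).

```conf
# /etc/ipf/ipnat.conf (constructed example; 192.0.2.10 stands in for the ce0:1 address)
#
# Before loading: confirm the LDAP instance listens on the logical IP, not only on
# the loopback address, e.g. with  netstat -an | grep 389  and look for 192.0.2.10.389
#
# Redirect to a loopback target - reported as not working from ce0:1
# (no association shown by  ipnat -l , connection neither refused nor answered):
# rdr ce0 0.0.0.0/0 port 3891 -> 127.0.0.1 port 389
#
# Redirect to the logical IP the directory actually listens on; matches only TCP
# to port 3891 arriving on ce0, so other traffic is unaffected:
rdr ce0 from any to any port = 3891 -> 192.0.2.10 port 389 tcp
#
# After loading (ipnat -CF -f /etc/ipf/ipnat.conf), a test connection to port 3891
# should produce a 3891 -> 389 entry in  ipnat -l ; its absence means the rule never
# matched, which is the symptom described in the thread.
```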
