I've been trying off and on for several days to get ipf installed on my
Solaris 8 box to test out a particular configuration.  I had previously
convinced myself from reading the howto that my application could be
accomplished, but now I'm not so sure.  If anyone who is much more
intimate with this than I am could guide me along, I'd appreciate it.

The crux of the issue is whether I can use ipf/ipnat to change the
destination address of an outbound packet and the source address of an
inbound packet.  This is kind of the opposite of what traditional NAT does.

Here's the long story.  I have a Sun Ultra 10 running Solaris 8 which is
running a large software application.  This application communicates
through a large IP network to a board running VxWorks which resides in a
compact PCI shelf.  This card in turn communicates through a private IP
network (over a compactPCI midplane) to other VxWorks cards using their
private IP addresses.  Certain software requires the Sun to directly
address the privately addressed cards by using the main card as a
router.  Here's the picture:

Sun                            VxWorks
                             main board
hme0                             if1
192.168.0.9 ----(IP cloud)----192.168.100.1
                              routes to           other VxWorks
                                if2                   board
                             10.20.1.20-------------10.20.1.7

So the routers in the IP cloud know that to get to 10.20.1.0 subnet, the
packet needs to go through the "router" 192.168.100.1.

Now, I have a situation where the routing in the IP cloud cannot/will
not be done, so I am trying to find a workaround.

My idea was to get extra addresses on the 192.168.100.x subnet to use as
aliases for the private addresses.  Let's say that I have 192.168.100.7
as an alias for 10.20.1.7.  The software application on the Sun would
try to send its packet to 10.20.1.7, and I'd like to use ipnat to change
the destination from 10.20.1.7 to 192.168.100.7.  The packet then gets
sent out and routed across the network to a newly inserted device which
has an ethernet port on the 192.168.100.x network with 192.168.100.7 as
an IP.  It would use ipnat to change that back to 10.20.1.7, and send it
out a second port over to 192.168.100.1.

Visually:

Sun                             VxWorks
                              main board
hme0                              if1
192.168.0.9-----(IP cloud)-[ ]--192.168.100.1
           ^               ^   routes to            other VxWorks
           |               |     if2                   board
           |               |  10.20.1.20-------------10.20.1.7
       run ipnat           |
         here           new device
      to change         runs ipnat
      destination       here to change
                         origin

So is this the type of application that ipf/ipnat can do gracefully and
simply?  Or is this in some profound way different than all of the other
applications I've been reading about in the various documentation and
emails on the subject?

Thanks,
Jeff Gilles
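
The two translation points sketched in the message above, modelled in Python as an added example (not part of the original post, and not ipnat rule syntax). The addresses come from the post; the function names and the unaliased address 10.20.1.8 are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    dst: str

PRIVATE_NET = ipaddress.ip_network("10.20.1.0/24")     # cPCI midplane subnet (from the post)
ALIAS = {"10.20.1.7": "192.168.100.7"}                 # private -> routable alias (from the post)
REAL = {alias: real for real, alias in ALIAS.items()}  # inverse map for the way back

# Hypothetical names for the four rewrite points; each is a static 1:1 mapping.
def sun_out(p):     # Sun, outbound: destination private -> alias
    return p._replace(dst=ALIAS.get(p.dst, p.dst))

def device_in(p):   # new device, from the cloud: destination alias -> private
    return p._replace(dst=REAL.get(p.dst, p.dst))

def device_out(p):  # new device, toward the cloud: source private -> alias
    return p._replace(src=ALIAS.get(p.src, p.src))

def sun_in(p):      # Sun, inbound: source alias -> private
    return p._replace(src=REAL.get(p.src, p.src))

def round_trip(app_src, app_dst):
    """Trace one request and its reply; return the header seen at each point."""
    req_cloud = sun_out(Packet(app_src, app_dst))
    req_board = device_in(req_cloud)
    rep_cloud = device_out(Packet(req_board.dst, req_board.src))
    rep_app = sun_in(rep_cloud)
    return {"req_cloud": req_cloud, "req_board": req_board,
            "rep_cloud": rep_cloud, "rep_app": rep_app}

def problems(app_src, app_dst):
    """List ways the trace breaks the design: leaks into the cloud, mismatched reply."""
    t = round_trip(app_src, app_dst)
    found = []
    for hop in ("req_cloud", "rep_cloud"):
        for addr in t[hop]:
            if ipaddress.ip_address(addr) in PRIVATE_NET:
                found.append(f"{hop}: private address {addr} exposed to the cloud")
    if t["rep_app"] != Packet(app_dst, app_src):
        found.append("reply does not mirror the request the application sent")
    return found

if __name__ == "__main__":
    for dst in ("10.20.1.7", "10.20.1.8"):   # 10.20.1.8 is constructed: no alias defined
        print(dst, round_trip("192.168.0.9", dst), problems("192.168.0.9", dst))
```

With the alias in place the cloud only ever carries 192.168.x.x addresses and the application still sees its reply come from 10.20.1.7; a private address with no alias crosses the cloud unchanged in both directions, which is the case the routing there cannot handle.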
