On Mon, December 5, 2005 09:54, Karoly VEGH wrote:
> On Mon, Dec 05, 2005 at 09:42:06AM -0500, Allen wrote:
>>
>> On Mon, December 5, 2005 09:35, Karoly VEGH wrote:
>> > On Mon, Dec 05, 2005 at 09:24:40AM -0500, Allen wrote:
>> >>
>> >> rdr lo0 127.0.0.1/32 port 3306 -> 193.154.165.116 port 3306
>> >>
>> >> should do the trick. I don't know why you got the "error at 'lo0'" bit,
>> >> that should work fine. Maybe a bug because you forgot the /32
>> >
>> > [EMAIL PROTECTED]:~# grep ^rdr /etc/ipf/ipf.conf
>> > rdr lo0 127.0.0.1/32 port 3306 -> 193.154.165.116 port 3306
>> > [EMAIL PROTECTED]:~#
>> >
>> >
>> > [EMAIL PROTECTED]:~# ifconfig hme1
>> > hme1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
>> >         inet 193.154.182.116 netmask ffffff00 broadcast 193.154.180.255
>> >         ether 8:0:20:d9:e6:81
>>
>> I don't know that you're allowed to use ipnat to do port forwarding to an
>> address not on a local segment/subnet.
>>
>> The address you're trying to forward to, 193.154.165.116, isn't in the
>> 193.154.182/24 subnet on hme1.
>
> I know - that was just a lame way to try to hide the real IP from
> publicity - sorry.
Ok then. Search/replace or sed works better for that than doing it by hand.
Just s/193\.154/192\.168/ and all is hidden. ;)

I'll continue on assuming they *are* on the same subnet and can reach each
other on your LAN.

>> This looks like you have errors in your ipf rules as well, or do you have
>> your ipf and ipnat rules in the same file? Personally I avoid that, and
>> keep them in separate files.
>>
>> I'd ask you:
>>
>> 1. What does the "ipnat -l" header say? Is the rdr rule being accepted?
>
> [EMAIL PROTECTED]:~# ipnat -l
> List of active MAP/Redirect filters:
>
> List of active sessions:
> [EMAIL PROTECTED]:~#

That's pretty telling right there. Maybe that's why you're getting the lo0
error, along with what you put below this part -- you don't *have* an lo0
interface. I'm not too familiar with solaris/sunos, haven't used one in
almost ten years, but I'd bet that's why the RDR isn't working. I'm pretty
sure if there's no /dev entry for the device, that ipnat can't find it any
better than tcpdump can.

I'd go down that avenue first -- see what it takes to get that device
showing up to everything. Once you have a /dev/lo0 (or sunos equivalent)
then get back to ipnat, but for now it looks like the problem isn't its
fault.

Does "ifconfig lo0" show anything useful, or is it giving an error as well?
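As an added example that is not part of this thread: a small Python sanity check for the two points Allen raises above, namely that the interface named in an rdr rule must actually exist on the box, and that the redirect target should sit on a directly connected subnet. It parses ipf.conf-style rdr lines and Solaris-style ifconfig output. The sample input is constructed from the obfuscated values in the thread (with the broadcast address made consistent with the netmask), and the regexes cover only the `rdr IF ADDR port N -> ADDR port N` form seen here, not the full ipnat grammar. This is a static pre-check of the config; it does not replace looking at `ipnat -l` on the live system.

```python
import ipaddress
import re

# Constructed sample input modelled on the thread. The addresses are the
# poster's obfuscated ones, not real hosts. Note that lo0 is deliberately
# absent from the ifconfig output, as it appeared to be on the poster's box.
IPF_CONF = """\
# /etc/ipf/ipf.conf-style fragment (constructed)
rdr lo0 127.0.0.1/32 port 3306 -> 193.154.165.116 port 3306
rdr hme1 0.0.0.0/0 port 80 -> 193.154.182.50 port 8080
"""

IFCONFIG_OUT = """\
hme1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 193.154.182.116 netmask ffffff00 broadcast 193.154.182.255
        ether 8:0:20:d9:e6:81
"""

# Only the simple rdr form used in the thread is recognised (hypothetical
# simplification; ipnat accepts many more variants).
RDR_RE = re.compile(
    r"^rdr\s+(?P<ifname>\S+)\s+(?P<match>\S+)\s+port\s+(?P<mport>\d+)"
    r"\s*->\s*(?P<target>\S+)\s+port\s+(?P<tport>\d+)"
)
IFACE_RE = re.compile(r"^(?P<ifname>\w+):\s+flags=")
INET_RE = re.compile(
    r"^\s+inet\s+(?P<addr>[\d.]+)\s+netmask\s+(?P<mask>[0-9a-fA-F]{8})"
)


def parse_rdr_rules(text):
    """Return a list of dicts, one per recognised rdr line; other lines are skipped."""
    rules = []
    for line in text.splitlines():
        m = RDR_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["mport"] = int(d["mport"])
            d["tport"] = int(d["tport"])
            rules.append(d)
    return rules


def parse_ifconfig(text):
    """Return {ifname: [IPv4Network, ...]} from Solaris-style ifconfig output.

    Solaris prints the netmask as eight hex digits (ffffff00), so it is
    converted to dotted-quad form before building the network object.
    """
    nets = {}
    current = None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = m.group("ifname")
            nets.setdefault(current, [])
            continue
        m = INET_RE.match(line)
        if m and current is not None:
            mask = str(ipaddress.IPv4Address(int(m.group("mask"), 16)))
            net = ipaddress.ip_network(f"{m.group('addr')}/{mask}", strict=False)
            nets[current].append(net)
    return nets


def check_rdr_rules(rules, nets):
    """Return (rule_summary, problem) pairs for rules that look wrong.

    Two checks, matching the two objections raised in the thread:
      1. the interface named in the rule must be present in ifconfig output;
      2. the redirect target must lie within some directly connected subnet.
    """
    problems = []
    for r in rules:
        summary = (f"rdr {r['ifname']} {r['match']} port {r['mport']} "
                   f"-> {r['target']} port {r['tport']}")
        if r["ifname"] not in nets:
            problems.append((summary, f"interface {r['ifname']} not present in ifconfig output"))
        target = ipaddress.ip_address(r["target"])
        if not any(target in n for subnets in nets.values() for n in subnets):
            problems.append((summary, f"target {target} is not on any directly connected subnet"))
    return problems


if __name__ == "__main__":
    found = check_rdr_rules(parse_rdr_rules(IPF_CONF), parse_ifconfig(IFCONFIG_OUT))
    for summary, problem in found:
        print(f"{summary}\n    -> {problem}")
    if not found:
        print("no problems found")
```

Against the constructed input the first rule is flagged twice (no lo0 interface, target off-subnet) and the second rule passes, which is exactly the diagnosis the thread arrives at by hand.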
