brad,
ok, someplace to start -- at the beginning.
(1)
on the ipf machine, what happens when you
$ telnet 127.0.0.1 8080 ?
(2)
as root, what is the output of
# ipnat -slv ; ipfstat -v ?
(3)
as root, type this in your xterm/console/ssh/whatever session:
# snoop -Vr -d bge0 port 80 or port 8080
now initiate a browser connection from the remote machine;
record the snoop output for us.
now repeat step (2).
jim
Mann, Bradley wrote:
Thanks for the help,
My ipf.conf file is blank. (Comments only)
ipnat.conf has a single line:
rdr bge0 0.0.0.0/0 port 80 -> 127.0.0.1 port 8080
ifconfig -a outputs the following:
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu
8232 index 1
inet 127.0.0.1 netmask ff000000
bge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index
2
inet 158.147.51.44 netmask ffffff00 broadcast 158.147.51.255
ether 0:3:ba:f2:e1:a4
Brad Mann
Software Engineer - Information Access Services
HARRIS Corporation / GCSD
(321) 984-6292
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jim Sandoz
Sent: Friday, July 14, 2006 10:47 AM
To: [email protected]
Subject: Re: Easy port forwarding question
brad,
a)
you should be using bge0.
b)
did you drill a hole for the rewritten packets in your ipf.conf?
http://www.phildev.net/ipf/IPFques.html#ques11
c)
post your ipf.conf, your ipnat.conf, and the output of "ifconfig -a";
then we can solve your problem in 60 seconds.
http://www.phildev.net/ipf/IPFmail.html#mail3
regards,
jim
Mann, Bradley wrote:
Thanks for the help. I tried the those settings but they didn't seem
to
work. Perhaps I am not understanding the <IF> part of the command.
netstat -i shows 2 entries:
lo0 8232 loopback localhost ...
bge0 1500 machinename machinename ...
I tried using both of these as the value for <IF> but the machine
still
didn't seem to forward the ports. I reloaded the file with the
following
commands:
ipnat -C
ipnat -f ipnat.conf
Am I missing something?
Brad Mann
Software Engineer - Information Access Services
HARRIS Corporation / GCSD
(321) 984-6292
-----Original Message-----
From: Flemming Laugaard [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 13, 2006 7:46 AM
To: Mann, Bradley
Cc: [email protected]
Subject: Re: Easy port forwarding question
Hello,
I am extremely new to ipfilter/ipnat, and all I am attempting to
accomplish is to have port 80 on a machine forward to its own port
8080.
This command will need to be as generic as possible so that it can be
deployed to other locations that have the same configuration but
different IP address.
ipnat:
rdr <IF> <SRVIP>/32 port 80 -> 127.0.0.1 port 8080
I can't do it more generic than this. You need to set both IP
adresses.
But that could be solved by scripting :-)
You could also try
rdr <IF> 0.0.0.0/0 port 80 -> 127.0.0.1 port 8080
For redirecting anything going anywhere on <IF> port 80. I haven't
tried
it myself.
Regards
Flemming Laugaard
