Just in case somebody was interested the problem disappeared on setting:
set ip:dohwcksum=0
In /etc/system.
--
regards,
Neeraj
> _____________________________________________
> From: Neeraj Jakhar
> Sent: 03 July 2008 16:16
> To: '[email protected]'
> Subject: Port forwarding using ipfilters
>
> Hi All,
>
> I am setting up port forwarding on a Solaris 8 box. I want
> to forward request coming on 10.218.2.80:1522 to 10.218.2.77:23.
>
> I have the following rules set up (and nothing else):
>
> ipnat.conf:
> rdr eri0 from any to 0/0 port = 1522 -> 10.218.2.77 port 23 tcp
>
> ipf.conf
> pass in quick on eri0 proto tcp from any to 10.218.2.77/32 \
> port=23 keep state keep frags flags S
>
>
> Now what I expect is telnet 10.218.2.80 1522 should let me telnet
> to the m/c. However what I observe is that 10.218.2.77 lets me
> connect to port 1522 while 10.218.2.80 doesn't say connection
> refused but times out.
>
> If I change 0/0 to 10.218.2.80/32 in ipnat rule to 10.218.2.80/32
> only time out occurs on 10.218.2.80 and 10.218.2.77 says connection
> refused (which is somewhat "expected" considering what happened
> before).
>
> Both interfaces are on the same box.
> I need this configuration because of some "stubborn" administrator
> who won't let oracle listen on both interfaces while he concedes
> to having port forwarded from one to another.
>
>
> Please help me out.
>
>
>
> Here is some "relevant" output:
>
> ***ifconfig -a***
> lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index
> 1
> inet 127.0.0.1 netmask ff000000
> eri0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500
> index 2
> inet 10.218.2.80 netmask ffffff00 broadcast 10.218.2.255
> ether 0:3:ba:2:ab:99
> qfe0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500
> index 3
> inet 10.218.2.77 netmask ffffff00 broadcast 10.218.2.255
> ether 0:3:ba:2:ab:99
>
> ***uname -a***
> SunOS xxxxx 5.8 Generic_117350-55 sun4u sparc SUNW,Sun-Fire-280R
>
> ***modinfo | grep ipf***
> 280 78244000 1e0ad 273 1 ipf (IP Filter: v3.4.20)
>
>
>
> Thanks!!
>
>