RE: Port forwarding using ipfilters

Fri, 11 Jul 2008 05:09:01 -0700 

Just in case somebody was interested the problem disappeared on setting:

        set ip:dohwcksum=0

In /etc/system.

--
regards,
Neeraj

> _____________________________________________ 
> From:         Neeraj Jakhar  
> Sent: 03 July 2008 16:16
> To:   '[email protected]'
> Subject:      Port forwarding using ipfilters
> 
> Hi All,
> 
> I am setting up port forwarding on a Solaris 8 box. I want 
> to forward request coming on 10.218.2.80:1522 to 10.218.2.77:23.
> 
> I have the following rules set up (and nothing else):
> 
> ipnat.conf:
>       rdr eri0 from any to 0/0 port = 1522 -> 10.218.2.77 port 23 tcp
> 
> ipf.conf
>       pass in quick on eri0 proto tcp from any to 10.218.2.77/32 \
>               port=23 keep state keep frags flags S
> 
> 
> Now what I expect is telnet 10.218.2.80 1522 should let me telnet 
> to the m/c. However what I observe is that 10.218.2.77 lets me 
> connect to port 1522 while 10.218.2.80 doesn't say connection 
> refused but times out.
> 
> If I change 0/0 to 10.218.2.80/32 in ipnat rule to 10.218.2.80/32 
> only time out occurs on 10.218.2.80 and 10.218.2.77 says connection 
> refused (which is somewhat "expected" considering what happened 
> before).
> 
> Both interfaces are on the same box. 
> I need this configuration because of some "stubborn" administrator 
> who won't let oracle listen on both interfaces while he concedes 
> to having port forwarded from one to another.
> 
> 
> Please help me out.
> 
> 
> 
> Here is some "relevant" output:
> 
> ***ifconfig -a***
> lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index
> 1
>         inet 127.0.0.1 netmask ff000000 
> eri0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500
> index 2
>         inet 10.218.2.80 netmask ffffff00 broadcast 10.218.2.255
>         ether 0:3:ba:2:ab:99 
> qfe0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500
> index 3
>         inet 10.218.2.77 netmask ffffff00 broadcast 10.218.2.255
>         ether 0:3:ba:2:ab:99 
> 
> ***uname -a***
> SunOS xxxxx 5.8 Generic_117350-55 sun4u sparc SUNW,Sun-Fire-280R
> 
> ***modinfo | grep ipf***
> 280 78244000  1e0ad 273   1  ipf (IP Filter: v3.4.20)
> 
> 
> 
> Thanks!!
> 
>

Reply via email to