Summary: IPFilter with rdr entry on Solaris

Hi all,

I would like to summarize the results of my research. It turned out 
that my ipf and nat files were correctly configured. However, it seems 
to be pretty important that the target machine - the one the data is 
forwarded to - has the firewall set as its default gateway. After 
making a corresponding entry in /etc/defaultrouter on this machine it 
started working.

Regards,

   Andreas


> > I am referring to my earlier request with the subject "Forwarding with
> > IPFilter on Solaris". I am trying to redirect requests to
> >
> >         <external ip address of firewall server>  port = 8080
> >
> > to a machine in the local subnet at port 80. From the FAQs and docs I
> > learned that this is basic stuff and should only require the following
> > additional lines:
> >
> > /etc/opt/ipf/ipf.conf:
> > ===============
> > pass in log quick on hme0 proto tcp from any to any port = 80 keep 
> > state
> >
> > /etc/opt/ipf/ipnat.conf:
> > ==================
> > rdr hme0 0.0.0.0/0 port 8080 -> 192.168.1.10 port 80
> >
> > hme0 is the external interface with a static ISP address. hme1 is the
> > interface connected to the local subnet 192.168.1.0. I expected this 
> > to
> > simply work after doing
> >
> >         ipf -Fa -f /etc/opt/ipf/ipf.conf
> >         ipnat -v -CF -f /etc/opt/ipf/ipnat.conf
> >
> > However, it does not. The connection simply times out. I did "tail -f
> > /var/log/fw.log" while trying to connect, but nothing is logged when I
> > do
> >
> >         telnet <external ip address of firewall> 8080
> >
> > I also upgraded from ip-fil3.4.27 to ip-fil3.4.33pre2 which made no
> > difference. I am stuck. Has anybody got this working on Solaris 8
> > Sparc? Any hints would be greatly appreciated.
> >
> > Thanks a lot!
> >
> > Regards,
> >
> >     Andreas