I recently upgraded Solaris SPARC from 8 to 10; there is ipfilter on the servers. It seems rdr simply does not work properly on Solaris 10. Given an example ipnat rdr rule:

    rdr eri0 0.0.0.0/0 port 16398 -> 172.25.128.236 port 12000 udp

I used snoop to monitor the packets. On Solaris 8, the rdr rule works fine and the redirected UDP packets are sent out (with dest ip/port changed to 172.25.128.236/12000). However, on Solaris 10, there are NO redirected packets sent out.

Both Solaris 8 and 10 run the same ipfilter 4.1.34 with the same config. Both Solaris 8 and 10 have a single Ethernet interface. Solaris 10 is the 5/09 u7 SPARC version.

    # ipf -V
    ipf: IP Filter: v4.1.34 (720)
    Kernel: IP Filter: v4.1.34
    Running: yes
    Log Flags: 0 = none set
    Default: pass all, Logging: available
    Active list: 0
    Feature mask: 0x187

In addition, on Solaris 10, I used dtrace to monitor the ipfilter function call flow and found that the incoming UDP packet with port 16398 is captured by ipfilter fr_check(), and the dest ip/port is also changed to 172.25.128.236/12000 after fr_checknatin() gets called.

P.S. The Solaris 10 stock ipf 4.1.9 has the same issue as ipfilter 4.1.34.

Please, can anyone give a hand?

Regards,
James Huang