> Briefly stated, IP filter rules cannot be set for logical interfaces.
> You must use the associated physical interface. The existence of a
> logical interface is at the IP layer. If you set a rule for a physical
> interface then IP filter will see packets destined to all logical
> interfaces on that physical interface and will NAT/filter all of them.
> Note that you can set up rules for a virtual (VLAN) interface, for
> example ce1000.
> If for some reason setting up the rule for the physical interface does not
> work for you then let us know what you are trying to do and hopefully
> we can come up with a solution.
Thank you Ashwani,
Unfortunately using:
    rdr ce0 0.0.0.0/0 port 3891 -> 127.0.0.1 port 389
doesn't work.
When we attempt to connect to the virtual interface ce0:1, packets are
swallowed. The connection isn't refused, no association is returned in:
    ipnat -l
and there is certainly no response.
We're simply trying to provide a user-transparent means of switching
between two LDAP directory instances. We figured port redirection would
serve us well and indeed, in our testing it did.
On our production machine we've been given a virtual interface to work
with and we've encountered this problem.
regards
Terry