Hi guys,
I solved the problem!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
I added another rdr rule 
        rdr hme1 from 192.168.2.222/32 to any -> 0 port 0
and then the old rule
        rdr hme1 0.0.0.0/0 port 80 -> 192.168.2.254 port 3128 tcp

This causes packets from 192.168.2.222 to hit the exception rdr rule first
so the second rule is not processed.

I have a different problem. If, on changing the ipnat.conf file, I do
reipnat, then existing connections get flushed. Is there a way I can
insert new rules less disruptively?

Regards,
Viswa
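The first-match behaviour the reply relies on, as an added simulation written for this page (it is not ipfilter code and was not posted in the thread): the rule table is a constructed model of the two rdr lines above, 198.51.100.7 is a made-up external web server, and a rule with no port or protocol is assumed to match any. Reversing the rule order shows why the exception must sit before the squid rule.

```python
import ipaddress

# Constructed model of the two rdr rules, in the order they must appear in
# ipnat.conf: the exception for 192.168.2.222 first, then the catch-all that
# sends port-80 traffic to squid on 192.168.2.254:3128.
RDR_RULES = [
    # rdr hme1 from 192.168.2.222/32 to any -> 0 port 0
    {"iface": "hme1", "src": "192.168.2.222/32", "dst": "0.0.0.0/0",
     "dport": None, "proto": None, "to": None, "tport": 0},
    # rdr hme1 0.0.0.0/0 port 80 -> 192.168.2.254 port 3128 tcp
    {"iface": "hme1", "src": "0.0.0.0/0", "dst": "0.0.0.0/0",
     "dport": 80, "proto": "tcp", "to": "192.168.2.254", "tport": 3128},
]


def rdr_matches(rule, iface, src_ip, dst_ip, dport, proto):
    """True if an inbound packet on iface hits this rule.
    Assumption of this model: a rule with no port or protocol matches any."""
    if rule["iface"] != iface:
        return False
    if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(rule["src"]):
        return False
    if ipaddress.ip_address(dst_ip) not in ipaddress.ip_network(rule["dst"]):
        return False
    if rule["dport"] is not None and rule["dport"] != dport:
        return False
    if rule["proto"] is not None and rule["proto"] != proto:
        return False
    return True


def apply_rdr(rules, iface, src_ip, dst_ip, dport, proto="tcp"):
    """Return (new_dst, new_port) from the first matching rdr rule, or None.
    A '-> 0 port 0' rule (to=None) matches and ends the search, so the squid
    rule below it is never consulted for that packet."""
    for rule in rules:
        if rdr_matches(rule, iface, src_ip, dst_ip, dport, proto):
            if rule["to"] is None:
                return None
            return (rule["to"], rule["tport"])
    return None


def redirected_hosts(rules, hosts, dst_ip="198.51.100.7", dport=80):
    """Internal hosts whose web traffic to dst_ip would be sent to squid."""
    return [h for h in hosts if apply_rdr(rules, "hme1", h, dst_ip, dport)]
```

With the rules in the posted order, `redirected_hosts` leaves 192.168.2.222 out; with the order reversed, every host on hme1 is sent to squid, which is the symptom the original message describes.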


-----Original Message-----
From: Murugappan Viswanath
[mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 03, 2003 7:46 PM
To: Ipfilter1 (E-mail)
Subject: Selective nat for an ip address


Hello all,

    I have a simple problem with configuring ipfilter on Solaris 8. I would
like to configure ipfilter so that all the machines in the internal network
are blocked, and redirect http requests from these machines to squid running
on the same machine. But for specific machines on the internal network, I
would like to set up nat rules to allow them to access the Internet.

    This is what I tried: (hme1 is the internal interface, hme0 is the
external interface, 192.168.2.222 is the machine for which nat must be
enabled, 192.168.2.254 is the ip address on the internal interface and
172.18.0.254 is the ip address on the external interface)

        ipf.conf

                pass in quick on lo0 all
                pass out quick on lo0 all
                
                block in on hme1 all
                pass in on hme1 proto tcp from any to any flags S keep state
                pass in on hme1 proto udp from any to any keep state
                pass in on hme1 proto icmp from any to any keep state
                pass out on hme1 proto tcp from any to any flags S keep state
                pass out on hme1 proto udp from any to any keep state
                pass out on hme1 proto icmp from any to any keep state

        ipnat.conf

                map hme0 192.168.2.222/32 -> 172.18.0.254/32 portmap tcp/udp auto
                map hme0 192.168.2.222/32 -> 172.18.0.254/32
                rdr hme1 0.0.0.0/0 port 80 -> 192.168.2.254 port 3128 tcp

        What happens is that http requests from 192.168.2.222 are also
redirected to squid. I guess this happens as nat rules are run first on
these requests on the internal interface and so it hits the RDR rule. How
can this be avoided?


M.VISWANATH
Millenium Center,
85 Kutchery Road,
Mylapore,Chennai - 600004
Phone(O) :24616768 Ext 311,313
       (R):044-24417140
Mobile :9840066012
