Hello, I have two questions about ipf and ipnat rules and IPFilter behavior.

1. About IPFilter behavior when plumbing and unplumbing interfaces on a SUN box running Solaris. May I prepare a rule set and load these rules on startup, but plumb and configure interfaces as needed later? Or will I have to restart IPFilter and add/remove configuration lines for ipf and ipnat every time I plumb/unplumb a network interface? Will rules for non-existing interfaces somehow impact IPFilter services? The network interfaces are VLAN tagged interfaces like ce100000. Rule examples are:

Ipf:

    pass in quick on ce100000 from 192.168.205.0/24 to 192.168.100.0/24

Ipnat:

    rdr ce100000 137.167.201.125/32 port 5900 -> 192.168.201.108 port 5900 tcp
    map ce100000 192.168.201.108/32 -> 137.167.201.125/32

I have no test environment at present, so I can't check on a working example; thus I expect some comments from the community about this.

2. In some cases I use bimap for ipnat, like:

    bimap hme0 192.168.205.10/32 -> 192.168.100.160/32

I need this to make connections available to/from a specific host for outbound and inbound traffic (host 192.168.205.10 should be reachable from the "outside" network as 192.168.100.160). Did I understand right that bimap is not very welcome for configurations like that? Would it be better to change this to a map/rdr pair, and what would I gain if I do that?

Thank you for comments.

With best regards
Martynas
