I don't understand why you said that. What rule number is about that?
I did many tests, like deactivating filtering (everything is allowed), and clients can't access the internet.
But now, I did a new test, by adding a new rule to ipnat:

    blade100-root% echo "map ife0 192.168.1.0/24 -> XX.XX.XX.XX/32" | ipnat -f -
    blade100-root% ipnat -l
    List of active MAP/Redirect filters:
    map ife0 192.168.1.0/24 -> 0.0.0.0/32 portmap tcp/udp 10000:40000
    map ife0 192.168.1.0/24 -> 0.0.0.0/32
    map ife0 192.168.1.0/24 -> XX.XX.XX.XX/32

    List of active sessions:
    MAP 192.168.1.19 32819 <- -> XX.XX.XX.XX 32819 [213.228.0.212 53]
    blade100-root% ipf -V
    ipf: IP Filter: v4.0.2 (592)
    Kernel: IP Filter: v4.0.2
    Running: yes
    Log Flags: 0 = none set
    Default: pass all, Logging: available
    Active list: 1

Now it works because I added something with the IP from my ISP, but the docs said it is possible to write 0/32 instead of XX.XX.XX.XX/32.
It's a workaround, but I think there is a bug somewhere...
Andriy Syrovenko wrote:
Hi!
It seems you're blocking all inbound traffic on eri0.
Andrey.
jdh13 wrote:
Hello, I'm using ipfilter at home, and configured a local network. Solaris 10, 2 NICs: ife0 (external), eri0 (internal). Everything works fine when I'm on the Blade 100, but on a machine on the local network I can't go to the internet, and I don't understand why...

    blade100-me% cat /etc/ipf/ipnat.conf
    map ife0 192.168.1.0/24 -> 0/32 portmap tcp/udp 10000:40000
    map ife0 192.168.1.0/24 -> 0/32

    blade100-root% ipfstat -on
    @1 pass out quick on lo0 all
    @2 block out all
    @3 pass out log quick on ife0 proto tcp from any to any keep state keep frags
    @4 pass out log quick on ife0 proto udp from any to any keep state keep frags
    @5 pass out log quick on ife0 proto icmp from any to any keep state
    blade100-root% ipfstat -in
    @1 pass in quick on lo0 all
    @2 block in log all

ipmon -o N shows nothing
Where is my mistake? Can somebody help?
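
Added example, not part of the thread: a simplified Python model of how IPFilter walks the ruleset posted above (last match wins, `quick` stops the walk), showing which rule decides a LAN client's packet on each interface. It matches only direction, interface and protocol and does not model addresses, the state table or NAT; the extra `pass in quick on eri0 all` rule is hypothetical.

```python
# Added example: simplified IPFilter rule walk (no addresses, state or NAT).
# Rulesets copied from the ipfstat -in / -on output in the thread.
IN_RULES = """\
pass in quick on lo0 all
block in log all
"""
OUT_RULES = """\
pass out quick on lo0 all
block out all
pass out log quick on ife0 proto tcp from any to any keep state keep frags
pass out log quick on ife0 proto udp from any to any keep state keep frags
pass out log quick on ife0 proto icmp from any to any keep state
"""

def parse(line):
    """Turn one rule line into a dict of the fields this model uses."""
    tok = line.split()
    rule = {"action": tok[0], "dir": tok[1], "quick": "quick" in tok,
            "iface": None, "proto": None}
    if "on" in tok:
        rule["iface"] = tok[tok.index("on") + 1]
    if "proto" in tok:
        rule["proto"] = tok[tok.index("proto") + 1]
    return rule

def verdict(rules_text, direction, iface, proto, default="pass"):
    """Return (action, rule_number); rule 0 means the default policy applied.

    The default is 'pass' because ipf -V in the thread reports
    'Default: pass all'.
    """
    action, number = default, 0
    for n, line in enumerate(rules_text.strip().splitlines(), 1):
        r = parse(line)
        if r["dir"] != direction:
            continue
        if r["iface"] not in (None, iface) or r["proto"] not in (None, proto):
            continue
        action, number = r["action"], n   # last match so far
        if r["quick"]:
            break                         # 'quick' ends the walk here
    return action, number

if __name__ == "__main__":
    # A LAN client's DNS query arrives inbound on eri0, then leaves on ife0.
    print("in  eri0 udp:", verdict(IN_RULES, "in", "eri0", "udp"))
    print("out ife0 udp:", verdict(OUT_RULES, "out", "ife0", "udp"))
    # Hypothetical extra rule (not from the thread) placed before the block.
    fixed = "pass in quick on eri0 all\n" + IN_RULES
    print("in  eri0 udp, extra rule:", verdict(fixed, "in", "eri0", "udp"))
```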
