Hello,
I have an application that wants to connect to a service on localhost.
Not configurable. Hardcoded. Though now we want to move the application,
and it should connect to a remote host with the service necessary
running on it.
So we need portforwarding(with keep state I guess), but although I read
the docs, search the archives, I don't quite get how to map/rdr
127.0.0.1:1234 to 1.2.3.4:3306 ... what is the right syntax please?
I have tried things like:
rdr lo0 127.0.0.1 port 3306 -> 193.154.165.116 port 3306
(syntax error error at "lo0", line 52)
or:
rdr hme1 127.0.0.1 port = 3306 -> 193.154.165.116 port = 3306
(syntax error error at "hme1", line 52)
...and similar things with "map", now I am confused what I do wrong.
any help is appreciated,
charlie
default infos:
[EMAIL PROTECTED]:~# uname -a
SunOS tomcat01 5.10 Generic_118822-11 sun4u sparc SUNW,UltraSPARC-IIi-cEngine
[EMAIL PROTECTED]:~# isainfo -vk
64-bit sparcv9 kernel modules
[EMAIL PROTECTED]:~# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232
index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 172.27.0.101 netmask ffff0000 broadcast 172.27.255.255
ether 8:0:20:d9:e6:80
hme1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 193.154.178.106 netmask ffffff00 broadcast 193.154.178.255
ether 8:0:20:d9:e6:81
[EMAIL PROTECTED]:~# netstat -rn
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ------ ---------
193.154.178.0 193.154.178.106 U 1 3 hme1
10.122.32.0 172.27.0.156 UG 1 20
172.27.0.0 172.27.0.101 U 1 19 hme0
172.27.0.0 172.27.0.156 UG 1 0
224.0.0.0 172.27.0.101 U 1 0 hme0
default 193.154.178.28 UG 1 13
127.0.0.1 127.0.0.1 UH 4 98 lo0
[EMAIL PROTECTED]:~# netstat -i
Name Mtu Net/Dest Address Ipkts Ierrs Opkts Oerrs Collis Queue
lo0 8232 loopback localhost 445 0 445 0 0 0
hme0 1500 tomcat01 tomcat01 232133 0 8035 22 62 0
hme1 1500 tomcat01.serv.eunet.at tomcat01.serv.eunet.at 433193 0 109 0
0 0
[EMAIL PROTECTED]:~#
[EMAIL PROTECTED]:~# netstat -s -P ip
IPv4 ipForwarding = 2 ipDefaultTTL = 255
ipInReceives = 27120 ipInHdrErrors = 0
ipInAddrErrors = 0 ipInCksumErrs = 0
ipForwDatagrams = 0 ipForwProhibits = 0
ipInUnknownProtos = 0 ipInDiscards = 0
ipInDelivers = 1346 ipOutRequests = 7969
ipOutDiscards = 0 ipOutNoRoutes = 2
ipReasmTimeout = 60 ipReasmReqds = 0
ipReasmOKs = 0 ipReasmFails = 0
ipReasmDuplicates = 0 ipReasmPartDups = 0
ipFragOKs = 0 ipFragFails = 0
ipFragCreates = 0 ipRoutingDiscards = 0
tcpInErrs = 0 udpNoPorts = 5629
udpInCksumErrs = 0 udpInOverflows = 0
rawipInOverflows = 0 ipsecInSucceeded = 0
ipsecInFailed = 0 ipInIPv6 = 0
ipOutIPv6 = 0 ipOutSwitchIPv6 = 0
[EMAIL PROTECTED]:~# ipf -V
ipf: IP Filter: v4.0.2 (592)
Kernel: IP Filter: v4.0.2
Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 1
[EMAIL PROTECTED]:~#
[EMAIL PROTECTED]:~# ipfstat
bad packets: in 0 out 0
input packets: blocked 3777 passed 27135 nomatch 211 counted 0 short 0
output packets: blocked 28 passed 7961 nomatch 2393 counted 0 short 0
input packets logged: blocked 3777 passed 68
output packets logged: blocked 0 passed 55
packets logged: input 0 output 0
log failures: input 0 output 0
fragment state(in): kept 0 lost 0
fragment state(out): kept 0 lost 0
packet state(in): kept 15 lost 0
packet state(out): kept 0 lost 0
ICMP replies: 0 TCP RSTs sent: 0
Invalid source(in): 0
Result cache hits(in): 13047 (out): 5540
IN Pullups succeeded: 0 failed: 0
OUT Pullups succeeded: 2 failed: 0
Fastroute successes: 0 failures: 0
TCP cksum fails(in): 0 (out): 0
IPF Ticks: 44151
Packet log flags set: (0)
none
[EMAIL PROTECTED]:~#
[EMAIL PROTECTED]:~# ipfstat -io
block out quick on hme1 from any to 192.168.0.0/16
block out quick on hme1 from any to 172.16.0.0/12
block out quick on hme1 from any to 10.0.0.0/8
block out quick on hme1 from any to 0.0.0.0/8
block out quick on hme1 from any to 127.0.0.0/8
block out quick on hme1 from any to 169.254.0.0/16
block out quick on hme1 from any to 192.0.2.0/24
block out quick on hme1 from any to 204.152.64.0/23
block out quick on hme1 from any to 224.0.0.0/4
block in quick on hme1 from 192.168.0.0/16 to any
block in quick on hme1 from 172.16.0.0/12 to any
block in quick on hme1 from 10.0.0.0/8 to any
block in quick on hme1 from 127.0.0.0/8 to any
block in quick on hme1 from 0.0.0.0/8 to any
block in quick on hme1 from 169.254.0.0/16 to any
block in quick on hme1 from 192.0.2.0/24 to any
block in quick on hme1 from 204.152.64.0/23 to any
block in quick on hme1 from 224.0.0.0/3 to any
block in log all
pass in quick on hme0 from any to any
pass in log quick on hme1 proto tcp from any to 193.154.178.106/32 port = 80
keep state
pass in log quick on hme1 proto tcp from any to 193.154.178.106/32 port = 443
keep state
pass in quick on hme1 proto tcp from 193.154.178.106/32 to 193.154.178.106/32
port = 8080 keep state
block in log quick on hme1 proto tcp from any to 193.154.178.106/32 port = 8080
block in log quick on hme1 proto tcp from 195.170.92.1/32 to 193.154.178.106/32
port = 8080
block in quick on hme1 proto tcp from any to any port = 8080
[EMAIL PROTECTED]:~#
[EMAIL PROTECTED]:~# ipnat -slv
mapped in 0 out 0
added 0 expired 0
no memory 0 bad nat 0
inuse 0
rules 0
wilds 0
table ffffffff7ffffae0 list 0
List of active MAP/Redirect filters:
List of active sessions:
List of active host mappings:
[EMAIL PROTECTED]:~#
TIA
charlie
--
Végh Károly - EUnet Telekom GmbH - Team Systems
Nussdorfer Lände 23, A-1190 Wien, Vienna, Austria
http://www.eunet.at Tel: +43 (0) 591590 / Fax: +43 (0) 591593001
see Disclaimer http://www.eunet.at/signatur/
