On Mon, December 5, 2005 09:35, Karoly VEGH wrote:
> On Mon, Dec 05, 2005 at 09:24:40AM -0500, Allen wrote:
>>
>> > I have an application that wants to connect to a service on localhost.
>> > Not configurable. Hardcoded. Though now we want to move the application,
>> > and it should connect to a remote host with the service necessary
>> > running on it.
>> > So we need portforwarding (with keep state I guess), but although I read
>> > the docs, search the archives, I don't quite get how to map/rdr
>> > 127.0.0.1:1234 to 1.2.3.4:3306 ... what is the right syntax please?
>>
>> rdr lo0 127.0.0.1/32 port 3306 -> 193.154.165.116 port 3306
>>
>> should do the trick. I don't know why you got the "error at 'lo0'" bit,
>> that should work fine. Maybe a bug because you forgot the /32
>
> [EMAIL PROTECTED]:~# grep ^rdr /etc/ipf/ipf.conf
> rdr lo0 127.0.0.1/32 port 3306 -> 193.154.165.116 port 3306
> [EMAIL PROTECTED]:~#
>
>
> [EMAIL PROTECTED]:~# ifconfig hme1
> hme1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
>         inet 193.154.182.116 netmask ffffff00 broadcast 193.154.180.255
>         ether 8:0:20:d9:e6:81
I don't know that you're allowed to use ipnat to do port forwarding to an address not on a local segment/subnet. The address you're trying to forward to, 193.154.165.116, isn't in the 193.154.182/24 subnet on hme1. Maybe this works, maybe not, I've never tried it before though.

> [EMAIL PROTECTED]:~#
> 0 arp
> 1 ip
> 2 pfil
> 3 hme
> [EMAIL PROTECTED]:~#
> [EMAIL PROTECTED]:~# ifconfig lo0
> lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
>         inet 127.0.0.1 netmask ff000000
> [EMAIL PROTECTED]:~# ifconfig lo0 modlist
> ifconfig: _I_MUXID2FD: lo0: Invalid argument
> [EMAIL PROTECTED]:~#
>
>
> ...and still no joy:
>
> and ipf -f :
>
> [EMAIL PROTECTED]:~# ipf -f /etc/ipf/ipf.conf 2>&1 | tail -5
> 46:ioctl(add/insert rule): File exists
> 47:ioctl(add/insert rule): File exists
> 48:ioctl(add/insert rule): File exists
> 50:ioctl(add/insert rule): File exists
> syntax error error at "lo0", line 50
> [EMAIL PROTECTED]:~#

This looks like you have errors in your ipf rules as well, or do you have your ipf and ipnat rules in the same file? Personally I avoid that, and keep them in separate files.

I'd ask you:

1. What does the "ipnat -l" header say? Is the rdr rule being accepted?
2. What happens when you tcpdump the port (on both interfaces; lo0 and hme1) and try to telnet to localhost:3306?
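One way to check the "same file" hypothesis raised above, as an added example that is not code from this thread: a POSIX sh script that separates the NAT rules (rdr/map/bimap, which only ipnat -f understands) from the pass/block rules that ipf -f accepts. The sample rules file is constructed, not the poster's real ipf.conf.

```shell
#!/bin/sh
# Added example, not from the thread: detect a rules file that mixes ipf(8)
# firewall rules with ipnat(8) NAT rules.  ipf -f only parses pass/block
# rules, so an rdr/map/bimap line fed to it is not a valid ipf rule and is
# reported as a syntax error, while ipnat -f would have accepted it.

# List NAT rules (rdr/map/bimap) with their line numbers in the file.
nat_rules() {
    awk '/^[ \t]*(rdr|map|bimap)[ \t]/ { print NR ": " $0 }' "$1"
}

# Number of NAT rules in the file; 0 means ipf -f will not trip over them.
count_nat_rules() {
    nat_rules "$1" | wc -l | tr -d ' '
}

# Split a mixed file: firewall rules go to $2 (to load with ipf -f), NAT
# rules to $3 (to load with ipnat -f).  Comments and blank lines stay with
# the firewall rules.
split_rules() {
    awk -v fw="$2" -v nat="$3" '
        /^[ \t]*(rdr|map|bimap)[ \t]/ { print > (nat); next }
        { print > (fw) }' "$1"
}

# Constructed sample of a mixed file (not the poster's actual ipf.conf).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# firewall rules
pass in quick on lo0 all
pass out quick on lo0 all
block in log quick on hme1 proto tcp from any to any port = 3306
# NAT rule: belongs in a separate file loaded with ipnat -f
rdr lo0 127.0.0.1/32 port 3306 -> 193.154.165.116 port 3306
EOF

echo "NAT rules that ipf -f would reject in $SAMPLE:"
nat_rules "$SAMPLE"
```

Running it on the sample lists the single rdr line (line 6); split_rules then writes the two files you would pass to ipf -f and ipnat -f separately.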
