On Mon, Dec 05, 2005 at 09:42:06AM -0500, Allen wrote:
>
> On Mon, December 5, 2005 09:35, Karoly VEGH wrote:
> > On Mon, Dec 05, 2005 at 09:24:40AM -0500, Allen wrote:
> >>
> >> rdr lo0 127.0.0.1/32 port 3306 -> 193.154.165.116 port 3306
> >>
> >> should do the trick. I don't know why you got the "error at 'lo0'" bit,
> >> that should work fine. Maybe a bug because you forgot the /32
> >
> > [EMAIL PROTECTED]:~# grep ^rdr /etc/ipf/ipf.conf
> > rdr lo0 127.0.0.1/32 port 3306 -> 193.154.165.116 port 3306
> > [EMAIL PROTECTED]:~#
> >
> >
> > [EMAIL PROTECTED]:~# ifconfig hme1
> > hme1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
> >         inet 193.154.182.116 netmask ffffff00 broadcast 193.154.180.255
> >         ether 8:0:20:d9:e6:81
>
> I don't know that you're allowed to use ipnat to do port forwarding to an
> address not on a local segment/subnet.
>
> The address you're trying to forward to, 193.154.165.116, isn't in the
> 193.154.182/24 subnet on hme1.

I know - that was just a lame way to try to hide the real IP from
publicity - sorry.

> > and ipf -f :
> >
> > [EMAIL PROTECTED]:~# ipf -f /etc/ipf/ipf.conf 2>&1 | tail -5
> > 46:ioctl(add/insert rule): File exists
> > 47:ioctl(add/insert rule): File exists
> > 48:ioctl(add/insert rule): File exists
> > 50:ioctl(add/insert rule): File exists
> > syntax error error at "lo0", line 50
> > [EMAIL PROTECTED]:~#
>
> This looks like you have errors in your ipf rules as well, or do you have
> your ipf and ipnat rules in the same file? Personally I avoid that, and
> keep them in separate files.
>
> I'd ask you:
>
> 1. What does the "ipnat -l" header say? Is the rdr rule being accepted?

[EMAIL PROTECTED]:~# ipnat -l
List of active MAP/Redirect filters:

List of active sessions:
[EMAIL PROTECTED]:~#

unfortunately no - but I guessed so since line 50 is the one with the rdr.
The only rdr.

> 2. What happens when you tcpdump the port (on both interfaces; lo0 and
> hme1) and try to telnet to localhost:3306?

cannot tcpdump/snoop on lo0 ... I do not have a /dev/lo device:

[EMAIL PROTECTED]:~# ls /dev/lo*
/dev/lockstat  /dev/lofictl  /dev/log  /dev/logindmux
[EMAIL PROTECTED]:~#

the hme is there alright:

[EMAIL PROTECTED]:~# ls /dev/hme*
/dev/hme
[EMAIL PROTECTED]:~#

[EMAIL PROTECTED]:~# snoop -d lo0
snoop: /dev/lo: No such file or directory
[EMAIL PROTECTED]:~#

charlie

-- 
Végh Károly - EUnet Telekom GmbH - Team Systems
Nussdorfer Lände 23, A-1190 Wien, Vienna, Austria
http://www.eunet.at
Tel: +43 (0) 591590 / Fax: +43 (0) 591593001
see Disclaimer http://www.eunet.at/signatur/
