On Mon, Dec 05, 2005 at 10:04:02AM -0500, Allen wrote:

> I'll continue on assuming they *are* on the same subnet and can reach
> each other on your LAN.

thanks :) 

> >> This looks like you have errors in your ipf rules as well, or do you
> >> have your ipf and ipnat rules in the same file?  Personally I avoid that,
> >> and keep them in separate files.
> >>
> >> I'd ask you:
> >>
> >> 1. What does the "ipnat -l" header say?  Is the rdr rule being accepted?
> >
> > [EMAIL PROTECTED]:~# ipnat -l
> > List of active MAP/Redirect filters:
> >
> > List of active sessions:
> > [EMAIL PROTECTED]:~#
> 
> That's pretty telling right there.  Maybe that's why you're getting the
> lo0 error, along with what you put below this part -- you don't *have* an
> lo0 interface.
> 
> I'm not too familiar with solaris/sunos, haven't used one in almost ten
> years, but I'd bet that's why the RDR isn't working.  I'm pretty sure if
> there's no /dev entry for the device, that ipnat can't find it any better
> than tcpdump can.
> 
> I'd go down that avenue first -- see what it takes to get that device
> showing up to everything.
> 
> Once you have a /dev/lo0 (or sunos equivalent) then get back to ipnat, but
> for now it looks like the problem isn't its fault.
> 
> Does "ifconfig lo0" show anything useful, or is it giving an error as well?

the interface itself is working fine: 

[EMAIL PROTECTED]:~# ifconfig lo0
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000 
[EMAIL PROTECTED]:~# ping localhost
localhost is alive
[EMAIL PROTECTED]:~# 
[EMAIL PROTECTED]:~# ping 127.0.0.1
127.0.0.1 is alive
[EMAIL PROTECTED]:

I checked that on older Solaris boxes as well (this is a Solaris 10
installation), and nowhere does a /dev/lo exist ... asked a fellow admin,
he said this was always so in Solaris - no snooping, no tcpdumping on lo0.

Don't know why I haven't recognized that earlier. 

I guess then this is why pfil cannot attach either...


Does that mean that I will not be able to portforward from localhost?
I could do that with ssh tcpforwarding, but that feels like such a
quick-and-dirty workaround...


charlie

-- 
Végh Károly  -  EUnet Telekom GmbH  -  Team Systems
Nussdorfer Lände 23, A-1190 Wien, Vienna, Austria
http://www.eunet.at Tel: +43 (0) 591590 / Fax: +43 (0) 591593001
see Disclaimer http://www.eunet.at/signatur/
