I am coming from 'pf' under OpenBSD and trying to use IPFilter
on Solaris 10. I think I have enough basic knowledge to do this.
I was quite able to remove the old IPFilter within Solaris 10 and
install the newest version without any apparent issues.
I have a basic setup, but NAT is not working and I am not sure it
-can- work as I need it to. I need to know the best way to set up my
scenario using ipfilter...
I did enable IP forwarding and it's ON.
Here are the details:
I have a T-1 from my ISP and it has several IPs on it.
I have the T-1 Module plugged into my Solaris box on:
WAN is on 'bge0'.
LAN is on 'bge1'.
I don't want ANY live WAN IPs to be anywhere but within the Solaris box.
(netmask is 255.255.255.248) 29 bits.
(modem is 207.227.112.1)
So, I set up bge0 as 207.227.112.6
and then bge0:1 as 207.227.112.2
and then bge0:1 as 207.227.112.3
and so on...
Then I set up ipnat.conf as:
# ipnat -l
List of active MAP/Redirect filters:
bimap bge0 192.168.1.2/32 -> 207.227.112.2/32
bimap bge0 192.168.1.3/32 -> 207.227.112.3/32
bimap bge0 192.168.1.4/32 -> 207.227.112.4/32
bimap bge0 192.168.1.5/32 -> 207.227.112.5/32
map bge0 192.168.1.0/24 -> 207.227.112.6/32 portmap tcp/udp auto
map bge0 192.168.1.0/24 -> 207.227.112.6/32
Basically, creating (4) 1-to-1 mapped machines
and then 1 WAN IP to handle outbound 'client' traffic.
My ipf.conf was trivial:
# Pass traffic from WAN and keep state
pass in quick on bge0 all
pass in quick on bge1 all
pass out quick on bge0 all
pass out quick on bge1 all
I can telnet into or out of the ipfilter router just fine.
But any traffic to ANY of the 'alias' interface IPs on bge0 does not work.
Nothing goes in or out.
This simply has to work somehow, but most of the examples on the net
show people using sppp0 or tun0.
I don't have any of that PPP stuff to worry about here.
Any thoughts?
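
A consistency check over the addressing in the post above, added here as an example and not part of the original message: it parses the `ipnat -l` listing, checks each rule against the /29 and the LAN range, and counts how often each logical interface name appears in the alias list. Function and variable names are this example's own, and only the aliases the post spells out are included.

```python
import ipaddress
import re
from collections import Counter

# All values are copied from the post; nothing is read from a live system.
WAN_NET = ipaddress.ip_network("207.227.112.0/255.255.255.248")  # 29-bit mask
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
MODEM = ipaddress.ip_address("207.227.112.1")
ALIASES = [("bge0", "207.227.112.6"), ("bge0:1", "207.227.112.2"),
           ("bge0:1", "207.227.112.3")]  # the post ends this list with "and so on..."
IPNAT_LIST = """\
bimap bge0 192.168.1.2/32 -> 207.227.112.2/32
bimap bge0 192.168.1.3/32 -> 207.227.112.3/32
bimap bge0 192.168.1.4/32 -> 207.227.112.4/32
bimap bge0 192.168.1.5/32 -> 207.227.112.5/32
map bge0 192.168.1.0/24 -> 207.227.112.6/32 portmap tcp/udp auto
map bge0 192.168.1.0/24 -> 207.227.112.6/32
"""
RULE_RE = re.compile(r"^(bimap|map)\s+(\S+)\s+(\S+)\s+->\s+(\S+)")

def parse_rules(text):
    """Return (kind, interface, internal net, external net) for each rule line."""
    found = (RULE_RE.match(line.strip()) for line in text.splitlines())
    return [(m[1], m[2], ipaddress.ip_network(m[3]), ipaddress.ip_network(m[4]))
            for m in found if m]

def audit(rules, aliases):
    """Collect addressing inconsistencies; an empty list means none were found."""
    findings = []
    usable = set(WAN_NET.hosts())  # excludes the network and broadcast addresses
    for name, count in Counter(n for n, _ in aliases).items():
        if count > 1:
            findings.append(f"{name} is given {count} addresses in the alias list")
    seen = Counter()  # external address -> number of bimap rules pointing at it
    for kind, _ifname, inside, outside in rules:
        ext = outside.network_address
        if ext not in usable or ext == MODEM:
            findings.append(f"{ext} is not a free host address in {WAN_NET}")
        if not inside.subnet_of(LAN_NET):
            findings.append(f"{inside} is outside {LAN_NET}")
        if kind == "bimap":
            seen[ext] += 1
    findings += [f"{a} is the target of {c} bimap rules" for a, c in seen.items() if c > 1]
    return findings

if __name__ == "__main__":
    for finding in audit(parse_rules(IPNAT_LIST), ALIASES):
        print(finding)
```

Run on the values as written in the post, it reports one finding: `bge0:1` appears twice in the alias list.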