Charlie,
You cannot do anything with the loopback interface in Solaris. No
filtering, snooping or anything.
Rgds,
Peter
Karoly VEGH wrote:
On Mon, Dec 05, 2005 at 10:04:02AM -0500, Allen wrote:
I'll continue on assuming they *are* on the same subnet and can reach
each other on your LAN.
thanks :)
This looks like you have errors in your ipf rules as well, or do you have
your ipf and ipnat rules in the same file? Personally I avoid that, and
keep them in separate files.
I'd ask you:
1. What does the "ipnat -l" header say? Is the rdr rule being accepted?
[EMAIL PROTECTED]:~# ipnat -l
List of active MAP/Redirect filters:
List of active sessions:
[EMAIL PROTECTED]:~#
That's pretty telling right there. Maybe that's why you're getting the
lo0 error, along with what you put below this part -- you don't *have* an
lo0 interface.
I'm not too familiar with solaris/sunos, haven't used one in almost ten
years, but I'd bet that's why the RDR isn't working. I'm pretty sure if
there's no /dev entry for the device, that ipnat can't find it any better
than tcpdump can.
I'd go down that avenue first -- see what it takes to get that device
showing up to everything.
Once you have a /dev/lo0 (or sunos equivalent) then get back to ipnat, but
for now it looks like the problem isn't its fault.
Does "ifconfig lo0" show anything useful, or is it giving an error as well?
the interface itself is working fine:
[EMAIL PROTECTED]:~# ifconfig lo0
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
[EMAIL PROTECTED]:~# ping localhost
localhost is alive
[EMAIL PROTECTED]:~#
[EMAIL PROTECTED]:~# ping 127.0.0.1
127.0.0.1 is alive
[EMAIL PROTECTED]:
I checked that on older solaris boxes as well (this is a solaris 10 installation),
and nowhere exists a /dev/lo ... asked a fellow admin, he said this was
always so in solaris - no snooping, no tcpdumping on lo0.
Don't know why I haven't recognized that earlier.
I guess then this is why pfil cannot attach either...
Does that mean, that I will not be able to portforward from localhost?
I could do that with ssh tcpforwarding, but that feels so
quick-and-dirty workaround...
charlie