Darren Reed wrote:
SunOS softrouter 5.10 Generic_118844-28 i86pc i386 i86pc
ip_fil4.1.10
pfil-2.1.7

> box]A-----B[gateway]C----D[dest
>
> A = 210.my.ext.IP
> B = 172.20.11.254
> C = ???
> D = 210.172.133.140


box]A-----B[gateway]C----D[dest

A = 210.my.ext.IP
B = 210.172.133.140
C = 172.20.11.254
D = Either on 210.172.133.140/172.20.11.254 server
  OR any of the internal cluster boxes (172.20.11.5 - 172.20.11.15)


Try this RDR rule:
rdr e1000g0 0.0.0.0/0 port 7100 -> 210.172.133.140 port 1 tcp

And e1000g1 should be C.

That I can do. I assumed the packet had to "travel through", and since it comes in on 210.172.133.140 (B) it has to be RDR'd to something else:

# ipnat -l
rdr e1000g0 0.0.0.0/0 port 7100 -> 210.172.133.140 port 1 tcp

#  telnet 210.172.133.140 7100
Escape character is '^]'.
local IP# to use: 210.172.133.140
local port# to use: 63518
in   IP is: 210.172.133.140
out  IP is: 210.my.ext.IP
real IP is: 210.172.133.140
remote end for connection: 210.172.133.140,7100
OK Hello 210.172.133.140:63518 - you are connected to 210.172.133.140:7100
Connection closed by foreign host.

# ipnat -l
RDR 210.172.133.140 1     <- -> 210.172.133.140 7100  [210.172.146.222 60638]

Just in case it matters, here is the full ipnat -l:

List of active MAP/Redirect filters:
map e1000g0 172.20.11.0/24 -> 210.172.133.140/32 proxy port ftp ftp/tcp
map e1000g0 172.20.11.0/24 -> 210.172.133.140/32 portmap tcp/udp auto
map e1000g0 172.20.11.0/24 -> 210.172.133.140/32
rdr e1000g0 0.0.0.0/0 port 2200 -> 172.20.11.130 port 22 tcp
rdr e1000g0 0.0.0.0/0 port 80 -> 172.20.11.5 port 80 tcp round-robin
rdr e1000g0 0.0.0.0/0 port 21 -> 172.20.11.7 port 21 tcp round-robin proxy ftp
rdr e1000g0 0.0.0.0/0 port 25 -> 172.20.11.11 port 25 tcp round-robin
rdr e1000g0 0.0.0.0/0 port 993 -> 172.20.11.8 port 993 tcp round-robin
rdr e1000g0 0.0.0.0/0 port 143 -> 172.20.11.8 port 143 tcp round-robin
rdr e1000g0 0.0.0.0/0 port 110 -> 172.20.11.8 port 110 tcp round-robin
rdr e1000g0 0.0.0.0/0 port 995 -> 172.20.11.8 port 995 tcp round-robin
rdr e1000g0 0.0.0.0/0 port 7100 -> 210.172.133.140 port 1 tcp

--
Jorgen Lundman       | <[EMAIL PROTECTED]>
Unix Administrator   | +81 (0)3 -5456-2687 ext 1017 (work)
Shibuya-ku, Tokyo    | +81 (0)90-5578-8500          (cell)
Japan                | +81 (0)3 -3375-1767          (home)
