Thanks for the reply Peter, I tried your configuration but to no avail. I re-read the faq and I'm starting to wonder if this will not work for me because of my configuration. I have Apache Tomcat running on the same machine where ipfilter is running, and there are no machines "behind" it. Normally, we connect directly to a single machine's webserver on port 8080. I am trying to make it so that we connect to this machine's webserver through port 80 without moving the listening port of the webserver itself. Is this similar to the configuration you are running?
Thanks, Brad Mann Software Engineer - Information Access Services HARRIS Corporation / GCSD (321) 984-6292 -----Original Message----- From: Peter Bickel [mailto:[EMAIL PROTECTED] Sent: Monday, August 07, 2006 5:45 PM To: Mann, Bradley Cc: [email protected] Subject: Re: Easy port forwarding question Hi Brad I do the following successful on Solaris 9 with IPFilter 3.4.35, so I'm able to run apache as non root user. The following settings in ipnat.conf do the trick. rdr ce0 0.0.0.0/0 port 80 -> 0.0.0.0 port 10080 rdr ce0 0.0.0.0/0 port 443 -> 0.0.0.0 port 10443 Mann, Bradley wrote: > I still haven't found a solution to this seemingly simple problem. Any > ideas on how to redirect port 80 to another port on the same machine > using ipnat are greatly appreciated. > > Thanks, > > Brad Mann > Software Engineer - Information Access Services > HARRIS Corporation / GCSD > (321) 984-6292 > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Joseph Spenner > Sent: Monday, August 07, 2006 1:45 PM > To: [email protected] > Subject: Re: Easy port forwarding question > > Jim: > Was there more to this thread? > I'm trying to accomplish something similar but > having no luck. Assume there is NO ipf.conf for > simplicity. > Also, does the machine need to be routing for a port > redirect to a port on the same system? > > My example: I have a tcp server listening on port > 19000. I wish to 'copy' that to port to 12321, such > that anyone connecting to 12321 will get the same data > as if connecting to 19000. tcp/19000 is not bound to > any particular interface, so 127.0.0.1:19000 and > 10.0.0.6:19000 both are valid. > > I've tried variations on: > > rdr eri1 10.0.0.6/32 port 12321 -> 10.0.0.6 port 19000 > or > rdr eri1 0.0.0.0/0 port 12321 -> 10.0.0.6 port 19000 > > I was a bit confused by the example/problem below. It > seems the source/destination is backwards, or perhaps > my order is backwards? I've tried swapping just in > case, but had no luck. > > Any help would be great. > > Thanks! > > > > --- Jim Sandoz <[EMAIL PROTECTED]> wrote: > >> brad, >> ok, someplace to start -- at the beginning. >> >> (1) >> on the ipf machine, what happens when you >> $ telnet 127.0.0.1 8080 ? >> >> (2) >> as root, what is the output of >> # ipnat -slv ; ipfstat -v ? >> >> (3) >> as root, type this in your >> xterm/console/ssh/whatever session: >> # snoop -Vr -d bge0 port 80 or port 8080 >> now initiate a browser connection from the remote >> machine; >> record the snoop output for us. >> >> now repeat step (2). >> >> jim >> >> >> Mann, Bradley wrote: >> >>> Thanks for the help, >>> >>> My ipf.conf file is blank. (Comments only) >>> >>> ipnat.conf has a single line: >>> rdr bge0 0.0.0.0/0 port 80 -> 127.0.0.1 port 8080 >>> >>> ifconfig -a outputs the following: >>> lo0: > flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> >> mtu >>> 8232 index 1 >>> inet 127.0.0.1 netmask ff000000 >>> bge0: >> flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> >> mtu 1500 index >>> 2 >>> inet 158.147.51.44 netmask ffffff00 >> broadcast 158.147.51.255 >>> ether 0:3:ba:f2:e1:a4 >>> >>> Brad Mann >>> Software Engineer - Information Access Services >>> HARRIS Corporation / GCSD >>> (321) 984-6292 > > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > -- Gruss Pitsch ________________________________________________________________________ __ Peter Bickel e-mail: [EMAIL PROTECTED] IDV & Network Consulting Telephone: +41 44 853 24 16 Gumpenwiesenstrasse 38 Fax: +41 44 853 27 04 CH-8157 Dielsdorf Mobile: +41 79 666 15 50 Switzerland Web: http://www.idv.ch/ ________________________________________________________________________ __
