Larry Moore wrote:
> Mann, Bradley wrote:
>> The webserver is also listening on localhost:8080 as far as I know. If I
>> open a browser and navigate to http://localhost:8080 on the server
>> machine, I am able to access my web page. However, these rules appear to
>> have no effect:
>>
>> rdr bge0 0.0.0.0/0 port 80 -> 0.0.0.0 port 8080
>> rdr bge0 0.0.0.0/0 port 443 -> 0.0.0.0 port 8443
>>
>> Can you see any reason why these shouldn't work?
>>
>
>
> You mention you are using Solaris - Don't expect a redirect to ever make
> it to localhost, it doesn't work.

However, on Solaris one can create other IP addresses on lo0:

    ifconfig lo0 addif 192.168.1.1 netmask + broadcast + up

Perhaps this will work. I did this to get data into a zone. The zone
was listening to another lo0 if at 192.168.1.2. Perhaps this
will work in a non-zoned way.

BTW: I learned this by calling Sun (we have support). They were quite
helpful in describing this. If you have support, you may want to
ask them.

>
> That aside, why do you define the destination address as 0.0.0.0 -
> surely that is going to fail.
Yes, you also want to put the 192.168.1.1 address in the rule.
>
> I would suggest you remove ipf rules from the equation by not loading
> them or at least not defining any and only having ipnat rules.
>
> The following works for me on an OpenBSD 3.3 system with IP Filter
> 3.4.35 installed.
>
> rdr sis0 0/0 port 80 -> 192.168.54.9 port 8080
>
> where sis0 is my internal interface and 192.168.54.9 is the address of
> sis0.
>
> httpd is only listening on port 8080 and it works - see trimmed output
> from ipnat -l.
>
>
> bash-2.05b# ipnat -l |grep 80 ; netstat -anf inet | grep 80
> rdr sis0 0.0.0.0/0 port 80 -> 192.168.54.9 port 8080 tcp
> RDR 192.168.54.9 8080 <- -> 192.168.54.9 80 [192.168.54.114 2766]
> RDR 192.168.54.9 8080 <- -> 192.168.54.9 80 [192.168.54.114 2765]
> tcp 0 0 192.168.54.9.8080 192.168.54.114.2766 ESTABLISHED
> tcp 0 0 192.168.54.9.8080 192.168.54.114.2765 ESTABLISHED
> tcp 0 0 *.8080 *.* LISTEN
>
> Have you verified with a browser that http://<ip-address of bge0>:8080
> works?
>
> Larry.
--
Gary Algier, WB2FWZ gaa at ulticom.com +1 856 787 2758
Ulticom Inc., 1020 Briggs Rd, Mt. Laurel, NJ 08054 Fax:+1 856 866 2033
Nielsen's First Law of Computer Manuals:
People don't read documentation voluntarily.
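
Added example, not part of the original message or of IP Filter: a small lint that reads rdr rules (ipnat.conf text or `ipnat -l` output) and flags the two target problems raised in this thread, a 0.0.0.0 target and a loopback target. The function name check_rdr and the verdict labels are made up for this example; the 127.0.0.1 rule in the sample input is constructed, and the other rules are the ones quoted above with 192.168.1.1 substituted as suggested.

```shell
#!/bin/sh
# check_rdr: read ipnat rules on stdin, print one verdict per rdr rule.
# Exit status is 1 if any rule was flagged, 0 otherwise.
# (Hypothetical helper; verdict names are this example's own.)
check_rdr() {
    awk '
    $1 != "rdr" { next }          # skip comments, map rules, RDR session lines
    {
        target = ""
        for (i = 1; i < NF; i++)  # the redirect target is the field after "->"
            if ($i == "->") { target = $(i + 1); break }
        sub(/\/.*/, "", target)   # drop a /mask suffix if one is present
        if (target == "")              v = "NO-TARGET"
        else if (target == "0.0.0.0")  v = "ZERO-TARGET"      # thread: "going to fail"
        else if (target ~ /^127\./)    v = "LOOPBACK-TARGET"  # thread: fails on Solaris
        else                           v = "OK"
        if (v != "OK") bad = 1
        print v ": " $0
    }
    END { exit bad + 0 }'
}

# Sample rules: the two from the original question, one constructed loopback
# rule, the lo0-alias variant suggested in the reply, and the OpenBSD rule.
check_rdr <<'EOF' || echo "at least one rdr rule needs a real interface or lo0 alias address"
rdr bge0 0.0.0.0/0 port 80 -> 0.0.0.0 port 8080
rdr bge0 0.0.0.0/0 port 443 -> 0.0.0.0 port 8443
rdr bge0 0.0.0.0/0 port 80 -> 127.0.0.1 port 8080
rdr bge0 0.0.0.0/0 port 80 -> 192.168.1.1 port 8080
rdr sis0 0/0 port 80 -> 192.168.54.9 port 8080
EOF
```

On a live system the same check can be fed with `ipnat -l | check_rdr`; the uppercase RDR session lines in that output are ignored.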