Larry Moore wrote:
> Mann, Bradley wrote:
>> "You mention you are using Solaris - Don't expect a redirect to ever
>> make it to localhost, it doesn't work."
[... snip ...]
>
> The following rule should always fail on Solaris
>
> rdr bge0 0/0 port 80 -> 127.0.0.1 port 8080
>
> as will any other RDR to lo0.
Not exactly true. I have done RDRs to lo0, not at 127.0.0.1. The kernel
short-circuits traffic to the 127.0.0.0 net, but it does not look at the
interface. I have put a real address on lo0 using "addif ....".
>
> Unless I completely misunderstood your problem I thought I posted you a
> solution based upon what I set up on my IP Filter firewall. Once you get
> the RDR statements set up correctly ensure you have no ipf rules which
> may interfere with your testing. Once you have the RDR working, apply
> your ipf rules and then if you can no longer reach your server you know
> that an ipf rule is blocking it.
Good point. I have spent a lot of time trying to debug my RDRs, when the
filtering was keeping the traffic out.
>
> Larry.
--
Gary Algier, WB2FWZ gaa at ulticom.com +1 856 787 2758
Ulticom Inc., 1020 Briggs Rd, Mt. Laurel, NJ 08054 Fax:+1 856 866 2033
Nielsen's First Law of Computer Manuals:
People don't read documentation voluntarily.
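
An added example, not part of either poster's message: a small Python check that scans ipnat rules for rdr targets inside 127.0.0.0/8, the case the thread says the Solaris kernel short-circuits. The sample rules, the 192.0.2.10 address standing in for a real address placed on lo0, and the function names are constructed for illustration.

```python
import ipaddress

# The loopback network the thread says Solaris short-circuits.
LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")

# Constructed sample rules; only the first rdr line appears in the thread.
SAMPLE_RULES = """\
# web redirects
rdr bge0 0/0 port 80 -> 127.0.0.1 port 8080
rdr bge0 0/0 port 443 -> 192.0.2.10 port 8443 tcp
rdr bge0 0/0 port 25 -> 127.0.0.5,192.0.2.10 port 2525 tcp
map bge0 10.0.0.0/8 -> 0/32
"""


def rdr_targets(line):
    """Return the target addresses of an rdr rule, or None for any other line."""
    tokens = line.split("#", 1)[0].split()      # drop trailing comments
    if not tokens or tokens[0] != "rdr" or "->" not in tokens:
        return None
    arrow = tokens.index("->")
    if arrow + 1 >= len(tokens):
        return None                             # malformed rule, nothing to judge
    # A rule may list two comma-separated targets; ignore any /mask suffix.
    return [t.split("/")[0] for t in tokens[arrow + 1].split(",")]


def find_loopback_rdrs(text):
    """Return (line number, target) for every rdr target inside 127.0.0.0/8."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for target in rdr_targets(line) or []:
            try:
                addr = ipaddress.ip_address(target)
            except ValueError:
                continue                        # hostname or other form: not judged
            if addr in LOOPBACK_NET:
                findings.append((lineno, target))
    return findings


if __name__ == "__main__":
    for lineno, target in find_loopback_rdrs(SAMPLE_RULES):
        print(f"line {lineno}: rdr target {target} is in {LOOPBACK_NET}")
```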