I'm using ipfilter 4.1.13 on a Solaris 9 machine that has only one
ethernet interface. I'd like to intercept TCP packets arriving on
that interface for a specific port and redirect them to another
machine on the same network. I only want to alter the destination
IP address, leaving the source IP address intact so that client
logging will work correctly. I've tested a few ipfilter rules that
I expected to work, but none of them did:

    rdr hme0 0.0.0.0/0 port 23 -> xxx.yyy.16.57 port 23
    block in quick on hme0 to hme0:xxx.yyy.16.57 proto tcp from any to any port = 23
    block in quick on hme0 dup-to hme0:xxx.yyy.16.57 proto tcp from any to any port = 23

I've since read that this is impossible, because the kernel can't route
a packet back to the interface on which it just arrived. Is there really
no way to accomplish this with ipfilter? It seems so simple!
--
-Gary Mills- -Unix Support- -U of M Academic Computing and Networking-