I'm on a host with a reasonably recent version of Solaris 10 (05/09) and want to redirect any packets for a localhost port to a remote host, i.e. redirect connections made to 127.0.0.1:1749 to 10.0.0.32:1234. I then want to be able to change the NAT rule to point to other hosts based on their availability, without modifying the applications that reference 127.0.0.1:1749.

I have set tcp forwarding on with

    ndd -set /dev/tcp ip_forwarding 1

and set up a rule list to allow everything:

    pass in quick from any to any
    pass out quick from any to any

... then tried to get the following redirection working:

    rdr lo0 127.0.0.1 port 1749 -> 10.0.0.32 port 1234 tcp

Unfortunately this fails when I test it with telnet:

    > telnet localhost 1749
    Trying 127.0.0.1...
    telnet: connect to address 127.0.0.1: Connection refused
    Trying ::1...
    telnet: Unable to connect to remote host: Network is unreachable

Am I way off beam here? From what I've read, this sort of thing seems to be possible, as long as I make sure that the end points of the redirect rule are not found on the same network interface (i.e. I'm not inadvertently setting up the 'reflector' example given in the howto) ...

I'm concerned that I've heard around the place that such sorts of redirections don't work particularly well on Solaris as lo0 isn't a 'proper' interface (whatever that means) ... is this the case? If so, how could I set up something that would do the job? Could I set up an IP alias on some unused network interface in place of 127.0.0.1 just for satisfying the 'can't exit the same interface' requirement of ipfilter?

Annoyingly, the application we're wanting to NAT like this runs a connection pool of between 50-70 open connections, so the option of running some proxying application (i.e. a simple listen+fork process) won't cut it - we've already tried doing something like this with socat and while it works, it isn't a usable solution for us.

Regards,
Malcolm

--
Malcolm Herbert                  This brain intentionally
[email protected]                 left blank
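Added example, not from Malcolm's post and not something the post shows working: a bash script for the second half of the question, swapping the rdr target to whichever backend is currently reachable. It assumes the rdr on lo0 can be made to work at all (the post reports that it does not, so that part remains open), that ipnat(1M) and ping(1M) live under /usr/sbin, that /etc/ipf/ipnat.conf is the NAT rule file, and that the backend addresses are placeholders.

```shell
#!/usr/bin/bash
# Added example (not from the original post). Assumes Solaris 10 ipfilter's
# ipnat(1M) and /usr/sbin/ping; backend addresses and the config path are
# placeholders. Run under bash or ksh, since Solaris /bin/sh lacks $(...).

LISTEN_IF=lo0
LISTEN_ADDR=127.0.0.1
LISTEN_PORT=1749
NAT_CONF=${NAT_CONF:-/etc/ipf/ipnat.conf}      # assumed path
# Candidate targets in preference order (constructed placeholders).
BACKENDS="10.0.0.32:1234 10.0.0.33:1234 10.0.0.34:1234"

# Emit the single ipnat rdr line that maps the local endpoint to host:port.
# The /32 mask makes the match explicit (the original rule omitted it).
gen_rdr_rule() {
    printf 'rdr %s %s/32 port %s -> %s port %s tcp\n' \
        "$LISTEN_IF" "$LISTEN_ADDR" "$LISTEN_PORT" "$1" "$2"
}

# Default availability probe: Solaris ping(1M) takes the timeout in seconds
# as its second operand and exits 0 when the host answers. Swap in a
# TCP-level check if you have one; the probe only sees host and port.
ping_probe() {
    /usr/sbin/ping "$1" 2 >/dev/null 2>&1
}

# Print "host port" for the first backend whose probe succeeds; return 1 if
# none answers. $1 names the probe function so a stub can be substituted.
pick_backend() {
    probe=${1:-ping_probe}
    for entry in $BACKENDS; do
        host=${entry%%:*}
        port=${entry##*:}
        if "$probe" "$host" "$port"; then
            printf '%s %s\n' "$host" "$port"
            return 0
        fi
    done
    return 1
}

# Rewrite ipnat.conf with the chosen target and reload. ipnat -C drops the
# rule list and -F flushes the active NAT table, so in-flight mappings (the
# connection pool's sessions) are lost and the pool must reconnect; the
# reload is therefore skipped when the file already names this target.
apply_backend() {
    new_rule=$(gen_rdr_rule "$1" "$2")
    if [ -f "$NAT_CONF" ] && [ "$(cat "$NAT_CONF")" = "$new_rule" ]; then
        return 0                               # already pointing here
    fi
    printf '%s\n' "$new_rule" > "$NAT_CONF"
    /usr/sbin/ipnat -CF -f "$NAT_CONF"
}

main() {
    if target=$(pick_backend ping_probe); then
        set -- $target
        apply_backend "$1" "$2"
    else
        echo "no backend for ${LISTEN_ADDR}:${LISTEN_PORT} is reachable" >&2
        exit 1
    fi
}

# Only touch the system when invoked explicitly, e.g. from cron:
#   /path/to/rdr-failover.sh --apply
if [ "${1:-}" = "--apply" ]; then
    main
fi
```

After a reload, `ipnat -l` shows the rule list and the active mappings, which is the quickest way to see whether any session is actually being translated. Note that because `-CF` empties the NAT table, every failover forces the 50-70 pooled connections to be re-established; if the pool cannot cope with that, the target should only ever be changed while the pool is idle.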
