Hi,
We have an issue with our mail server on Solaris. When our mail server
tries to send mail to some hosts it fails with a time out message. This
only occurs with the combination of Solaris and Cisco PIX. Unfortunately
there doesn't seem to be a solution (I've checked the Postfix mailing list).
The mails can be delivered when a Linux box sends a mail. What I want to
accomplish is the following:
1. Let fail2ban check the maillog and look for the error.
2. When an error is found, add a line to ipnat: "rdr bge0 [IP CISCO PIX MAIL
SERVER]/32 port 25 -> [IP OUR LINUX MAIL SERVER] port 25 tcp"
3. The next time a delivery attempt is made, the message should be delivered to
our Linux mail server, which will relay the message (this is tested and
proven to work).
Unfortunately I can't get the rdr line to work. What is wrong with it?
#### output from the solaris machine (213.207.89.178)
$ echo "rdr bge0 213.207.90.2 port 25 -> 93.186.180.60 port 25 tcp" |
pfexec ipnat -f -
$ pfexec ipnat -l
List of active MAP/Redirect filters:
rdr bge0 213.207.90.2/32 port 25 -> 93.186.180.60 port 25 tcp
List of active sessions:
$ routeadm
              Configuration   Current              Current
                     Option   Configuration        System State
---------------------------------------------------------------
               IPv4 routing   enabled              enabled
               IPv6 routing   disabled             disabled
            IPv4 forwarding   enabled              enabled
            IPv6 forwarding   disabled             disabled
           Routing services   "route:default ripng:default"
Routing daemons:
                      STATE   FMRI
                   disabled   svc:/network/routing/ripng:default
                   disabled   svc:/network/routing/legacy-routing:ipv4
                   disabled   svc:/network/routing/legacy-routing:ipv6
                   disabled   svc:/network/routing/rdisc:default
                     online   svc:/network/routing/route:default
                     online   svc:/network/routing/ndp:default
$ pfexec ipfstat -i
pass in log quick proto icmp from any to any icmp-type routersol
pass in log quick proto icmp from any to any icmp-type routerad
$ pfexec ipfstat -o
empty list for ipfilter(out)
$ telnet 213.207.90.2 25
Trying 213.207.90.2...
Connected to 213.207.90.2.
Escape character is '^]'.
220 stevie.youngguns.nl ESMTP
$ telnet 93.186.180.60 25
Trying 93.186.180.60...
Connected to 93.186.180.60.
Escape character is '^]'.
220 marcus.youngguns.nl ESMTP
Thanks
Martijn
--
YoungGuns
Kasteleinenkampweg 7b
5222 AX 's-Hertogenbosch
T. 073 623 56 40
F. 073 623 56 39
www.youngguns.nl
KvK 18076568
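
Steps 1 and 2 of the plan above, as an added example that is not part of the original post: it scans maillog lines for Postfix delivery timeouts and builds rdr lines in the form shown by `ipnat -l`, accepting only well-formed IPv4 addresses because log text is untrusted input to a privileged ipnat call. The Postfix log wording, the sample lines and the fallback relay address 198.51.100.60 are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed Postfix smtp(8) client wording for a delivery timeout; adjust it to
# the exact message seen in your own maillog.
TIMEOUT_RE = re.compile(
    r"postfix/smtp\[\d+\]: .*(?:conversation with|connect to) "
    r"\S*\[(?P<ip>[0-9.]+)\](?::25)?.*timed out"
)


def rdr_rules(log_lines, iface, fallback_relay):
    """Return one ipnat rdr rule per remote server that timed out."""
    relay = ipaddress.IPv4Address(fallback_relay)  # raises on a bad value
    if not re.fullmatch(r"[a-z]+[0-9]+", iface):
        raise ValueError(f"unexpected interface name: {iface!r}")
    targets = set()
    for line in log_lines:
        m = TIMEOUT_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.IPv4Address(m.group("ip"))
        except ipaddress.AddressValueError:
            continue  # log text is untrusted: drop anything not a real IPv4
        if ip != relay:  # never redirect the fallback relay to itself
            targets.add(ip)
    return [
        f"rdr {iface} {ip}/32 port 25 -> {relay} port 25 tcp"
        for ip in sorted(targets)
    ]


# Constructed sample maillog lines (documentation addresses, not real hosts).
SAMPLE_LOG = [
    "Mar  3 10:15:02 mail postfix/smtp[2301]: 4F2A1C0E: to=<a@example.org>, "
    "relay=mx1.example.org[192.0.2.25]:25, delay=610, status=deferred "
    "(conversation with mx1.example.org[192.0.2.25] timed out while sending end of data)",
    "Mar  3 10:20:11 mail postfix/smtp[2310]: connect to mx1.example.org[192.0.2.25]:25: Connection timed out",
    "Mar  3 10:21:40 mail postfix/smtp[2311]: 7B3D2A11: to=<b@example.net>, "
    "relay=mx2.example.net[192.0.2.40]:25, delay=2, status=sent (250 2.0.0 Ok)",
    "Mar  3 10:22:05 mail postfix/smtp[2312]: connect to bad.example.net[192.0.2.999]:25: Connection timed out",
    "Mar  3 10:23:19 mail postfix/smtp[2313]: connect to relay.example.com[198.51.100.60]:25: Connection timed out",
    "Mar  3 10:24:51 mail postfix/smtp[2314]: connect to mx3.example.com[203.0.113.7]:25: Connection timed out",
]

if __name__ == "__main__":
    for rule in rdr_rules(SAMPLE_LOG, "bge0", "198.51.100.60"):
        print(rule)
```

Each printed line can be piped to `pfexec ipnat -f -` in the same way as the command in the post.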