YJ Fan wrote:
For example, we use ce0 and ce1 for the server:
rdr ce0 68.199.199.0/24 port 8888 -> 68.199.199.199 port 1521 tcp
rdr ce1 68.199.199.0/24 port 8888 -> 68.199.199.199 port 1521 tcp
rdr ce0 65.197.230.0/24 port 2222 -> 68.199.199.199 port 22 tcp

This should basically work, but only if all of the traffic for any given
connection passes through the same physical interface.  Because of the way
IPFilter NAT works, the connection state is associated with a physical
interface.

It works for only one card, but can never work for both cards at the same time;
connections coming from the other card always time out, though the global zone log
shows that the active connections are made (ipmon and ipnat -l).

I suspect that in the multiple card case you are experiencing asymmetric
routing and the incoming and outgoing traffic are going out through different
NICs.  This is a stereotypical example of why NAT doesn't work in general in
an internet.  Though in this case it could technically be made to work if
IPFilter NAT was a bit smarter, I don't think it's possible with the current
version.

I think Jim Carlson's suggestion to look into netcat is probably the best
approach; it is effectively the same technique that you'd get with the
forwarding function of xinetd.

                                        -=] Mike [=-
_______________________________________________
opensolaris-discuss mailing list
[email protected]
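The application-level forwarding that Jim Carlson and Mike point to, written out as a small userspace TCP relay; this is added example code, not part of the thread, and netcat or xinetd's redirect do the same job. It accepts on one port, checks the peer against an allowed source network (the role the /24 plays in the rdr rules), and copies bytes both ways over a fresh connection to the backend, so the relay terminates TCP itself and no interface-bound NAT state is involved; the echo backend used for testing is a constructed stand-in for the Oracle listener.

```python
import ipaddress
import socket
import threading

def pump(src, dst):
    # Copy bytes src -> dst until src sends EOF, then half-close dst so the
    # far side sees the EOF too; a failure on either socket ends this direction.
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def relay(client, peer, target, allowed):
    # One accepted connection: enforce the source network (the job the /24 does
    # in the rdr rules), then copy both directions until both sides are done.
    if ipaddress.ip_address(peer[0]) not in allowed:
        client.close()
        return
    try:
        upstream = socket.create_connection(target)
    except OSError:
        client.close()  # backend unreachable: refuse rather than hang the client
        return
    back = threading.Thread(target=pump, args=(upstream, client), daemon=True)
    back.start()
    pump(client, upstream)
    back.join()
    client.close()
    upstream.close()

def start_forwarder(listen, target, allowed_cidr):
    # Bind `listen`, accept in a background thread, return the bound address.
    allowed = ipaddress.ip_network(allowed_cidr)
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(listen)
    srv.listen(16)
    def accept_loop():
        while True:
            client, peer = srv.accept()
            threading.Thread(target=relay, args=(client, peer, target, allowed),
                             daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()
```

Calling start_forwarder(("0.0.0.0", 8888), ("68.199.199.199", 1521), "68.199.199.0/24") from a main program gives the first two rdr rules' behaviour on every interface at once, because the listener is not tied to ce0 or ce1.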