I'm reading this section from the ipf how-to:

"The rdr function is applied to packets that enter the firewall on the specified interface. When a packet comes in that matches a rdr rule, its destination address is then rewritten, it is pushed into ipf for filtering, and should it successfully run the gauntlet of filter rules, it is then sent to the unix routing code. Since this packet is still inbound on the same interface that it will need to leave the system on to reach a host, *the system gets confused*. Reflectors don't work. Neither does specifying the address of the interface the packet just came in on. Always remember that rdr destinations must exit out of the firewall host on a different interface."

Does this mean I can't have my global zone redirect to a non-global zone living on the same box? Because I'm really using the loopback interface and not leaving the system on any physical interface? This applies whether my global and non-global zone share one interface, or have unique interfaces? I would like some clarification if Darren is around? Thanks!


zones-discuss mailing list

Reply via email to