I'm reading this section from the ipf how-to:
"The rdr function is applied to packets that enter the firewall on the
specified interface. When a packet comes in that matches a rdr rule, its
destination address is then rewritten, it is pushed into ipf for
filtering, and should it successfully run the gauntlet of filter rules,
it is then sent to the unix routing code. Since this packet is still
inbound on the same interface that it will need to leave the system on
to reach a host, *the system gets confused*. Reflectors don't work.
Neither does specifying the address of the interface the packet just
came in on. Always remember that rdr destinations must exit out of the
firewall host on a different interface."
Does this mean I can't have my global zone redirect to a non-global zone
living on the same box, because I'm really using the loopback interface
and not leaving the system on any physical interface? Does this apply
whether my global and non-global zones share one interface or have
unique interfaces? I would like some clarification, if Darren is around.
zones-discuss mailing list
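As an added illustration, not part of the original message or of the ipf how-to, here is a constructed ipnat.conf fragment that contrasts the two layouts the quoted passage describes: a rdr whose rewritten destination is reached through a second interface (the case the how-to says works), and a rdr whose target is the address of the interface the packet arrived on (the reflector case the how-to says does not work). The interface names (e1000g0 external, e1000g1 internal) and all addresses are assumed.

```conf
# Constructed example, not from the original post or the ipf how-to.
# Interface names (e1000g0 = external, e1000g1 = internal) and the
# addresses below are assumed for illustration only.

# Works, per the how-to: the packet enters on e1000g0, its destination is
# rewritten to a host that the routing table reaches through e1000g1, so
# after filtering it leaves on a different interface than it arrived on.
rdr e1000g0 203.0.113.10/32 port 80 -> 192.168.10.20 port 8080 tcp

# Does NOT work, per the how-to: the rdr target is the address of the very
# interface the packet just came in on (a "reflector"). After filtering the
# packet would have to leave on e1000g0 again, and the routing code gets
# confused, so the redirect never reaches a listener.
rdr e1000g0 203.0.113.10/32 port 80 -> 203.0.113.10 port 8080 tcp
```

The fragment is loaded with `ipnat -CF -f /etc/ipf/ipnat.conf` (clear and flush the existing NAT rules, then read the file) and the active rules can be checked with `ipnat -l`; the second rule is included only to show the shape of the rdr the how-to warns against, not as something to deploy.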