Hi,
I am looking for a way to forward all UDP traffic coming in on ports 3001, 3002, 3003 and 3004 on server 10.2.45.200 to the corresponding ports of server 10.2.45.197.
I am using Solaris 10.0.
-bash-3.00$ uname -a
SunOS airtelussd2 5.10 Generic_127127-11 sun4u sparc SUNW,Sun-Fire-V445
Is there some way in Solaris to accomplish this?
1st case - If you want to block any ports
#vi /etc/ipf/pfil.ap
and uncomment there the specific drivers you are interested in
#svcadm enable ipfilter
to enable and start the ipfilter service.
#autopush -f /etc/ipf/pfil.ap
For example,
You will find some examples of the ipf.conf configuration file in /usr/share/ipfilter/examples. Just copy one of them over /etc/ipf/ipf.conf to start playing around. A simpler demo is to add the one line (spaces between each word):
block in quick proto tcp from any to any port = 23
to the default empty /etc/ipf/ipf.conf and check that your firewall is running by trying to telnet to your machine from another one.
2nd case, on your question on IP forwarding,
To accomplish my task, I have done this on 10.2.45.100:
In /etc/ipf/ipf.conf
pass in quick log proto udp from 75.126.76.41 port = 30118 to 10.2.45.197 port = 30118
pass in quick log proto udp from 75.126.76.41 port = 30119 to 10.2.45.197 port = 30119
pass in quick log proto udp from 75.126.76.41 port = 30120 to 10.2.45.197 port = 30120
pass in quick log proto udp from 75.126.76.41 port = 30121 to 10.2.45.197 port = 30121
In /etc/ipf/ipnat.conf
rdr bge1:1 75.126.76.41/8 port 30118 -> 10.2.45.197 port 30118 udp
rdr bge1:1 75.126.76.41/8 port 30119 -> 10.2.45.197 port 30119 udp
rdr bge1:1 75.126.76.41/8 port 30120 -> 10.2.45.197 port 30120 udp
rdr bge1:1 75.126.76.41/8 port 30121 -> 10.2.45.197 port 30121 udp
This is my ipfstat -io output.
Am I going the right way? To apply changes in ipnat.conf, do we need a reboot?
Please suggest a way forward.
I think it can be done without reboot with that:
ipnat -C -f /etc/ipf/ipnat.conf
To check if rules got imported to NAT table use:
ipnat -l
Thanks for the reply. I am getting this error.
# ipnat -C -f /etc/ipf/ipnat.conf
0 entries flushed from NAT list
syntax error error at ":", line 1
Seems like ipnat doesn't take an interface name with ":". However, this is working fine.
rdr bge1 75.126.76.41/8 port 30118 -> 10.2.45.197 port 30118 udp
Hi People,
Just an update. I have achieved this.
There is no need for ipf rules here.
We need to specify only ipnat rules in ipnat.conf.
ipnat.conf
rdr bge1 75.126.76.41/8 port 30118 -> 10.2.45.197 port 30118 udp
rdr bge1 75.126.76.41/8 port 30119 -> 10.2.45.197 port 30119 udp
rdr bge1 75.126.76.41/8 port 30120 -> 10.2.45.197 port 30120 udp
rdr bge1 75.126.76.41/8 port 30121 -> 10.2.45.197 port 30121 udp
NOTE: ipnat rules do not work for virtual IPs.
Thanks to all.
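Two things in the final ipnat.conf deserve a second look before it goes into production: ipnat refused the logical interface name (bge1:1), and 75.126.76.41/8 is masked before matching, so it covers far more than the one host it appears to name. The lint below is an added example written for this thread, not code posted by anyone in it or part of IP Filter; it parses rdr rules of the exact shape used above and reports those two conditions plus any port rewrite, on a constructed ipnat.conf sample.

```python
import ipaddress
import re

# Shape of the ipnat(1M) rdr rules posted in this thread:
#   rdr <ifname> <addr>/<mask> port <p> -> <newaddr> port <p> <proto>
RDR_RE = re.compile(
    r"^rdr\s+(?P<ifname>\S+)\s+(?P<addr>[\d.]+)/(?P<mask>\d+)\s+port\s+(?P<port>\d+)"
    r"\s+->\s+(?P<to>[\d.]+)\s+port\s+(?P<toport>\d+)\s+(?P<proto>tcp/udp|tcp|udp)\s*$"
)

def lint_rdr(line):
    """Return the findings for one rdr rule; an empty list means no concern."""
    m = RDR_RE.match(line.strip())
    if m is None:
        return ["not the rdr form used in this thread; check by hand"]
    findings = []
    if ":" in m["ifname"]:
        # ipnat rejected 'bge1:1' with 'syntax error error at ":"'; the
        # rule must name the physical interface (bge1), not a logical one.
        findings.append("logical interface %s: use the physical interface" % m["ifname"])
    net = ipaddress.ip_network("%s/%s" % (m["addr"], m["mask"]), strict=False)
    if str(net.network_address) != m["addr"]:
        # Host bits are set under the mask, so the rule is wider than it looks:
        # 75.126.76.41/8 matches packets addressed to any host in 75.0.0.0/8.
        findings.append("%s/%s has host bits set; it matches all of %s" % (m["addr"], m["mask"], net))
    if m["port"] != m["toport"]:
        findings.append("port %s is rewritten to %s on %s" % (m["port"], m["toport"], m["to"]))
    return findings

def lint_ipnat_conf(text):
    """Map every non-comment rule in an ipnat.conf body to its findings."""
    rules = [l for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]
    return {rule: lint_rdr(rule) for rule in rules}

# Constructed sample: the rule that failed to load, one that loaded, and a
# tightened /32 version of the same redirect.
SAMPLE_CONF = """\
# constructed ipnat.conf for the lint
rdr bge1:1 75.126.76.41/8 port 30118 -> 10.2.45.197 port 30118 udp
rdr bge1 75.126.76.41/8 port 30119 -> 10.2.45.197 port 30119 udp
rdr bge1 75.126.76.41/32 port 30120 -> 10.2.45.197 port 30120 udp
"""

if __name__ == "__main__":
    for rule, findings in lint_ipnat_conf(SAMPLE_CONF).items():
        print(rule)
        for f in findings or ["ok"]:
            print("   ", f)
```

Run it against the real /etc/ipf/ipnat.conf before `ipnat -C -f`, and confirm what actually loaded with `ipnat -l`, since the on-disk file and the active NAT table can differ.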