Port/IP Forwarding in Solaris 10.0

Hi,

I am looking for a way to forward all UDP traffic arriving on ports 3001, 3002, 3003 and 3004 on server 10.2.45.200 to the corresponding ports on server 10.2.45.197.

I am using Solaris 10.0.

-bash-3.00$ uname -a
SunOS airtelussd2 5.10 Generic_127127-11 sun4u sparc SUNW,Sun-Fire-V445

Is there some way in Solaris to accomplish this?

I think you should use "ipnat", though I've never used it and don't know how to configure it. Man pages should help you with that:
ipnat(4) - IP NAT file format (man pages section 4: File Formats) - Sun Microsystems
ipnat(1M) - user interface to the NAT subsystem (man pages section 1M: System Administration Commands) - Sun Microsystems

1st case - if you want to block any ports:
#vi /etc/ipf/pfil.ap
and uncomment the specific drivers you are interested in, then
#svcadm enable ipfilter
to enable and start the ipfilter service, and
#autopush -f /etc/ipf/pfil.ap
#autopush -f /etc/ipf/pfil.ap
For example, you will find sample ipf.conf configuration files in /usr/share/ipfilter/examples. Just copy one of them over /etc/ipf/ipf.conf to start playing around. A simpler demo is to add the one line (with spaces between each word):
block in quick proto tcp from any to any port = 23
to the otherwise empty /etc/ipf/ipf.conf, and check that your firewall is running by trying to telnet to your machine from another one.

2nd case - on your question about IP forwarding:

To accomplish my task, I have done this on 10.2.45.100:

In /etc/ipf/ipf.conf

pass in quick log proto udp from 75.126.76.41 port = 30118 to 10.2.45.197 port = 30118
pass in quick log proto udp from 75.126.76.41 port = 30119 to 10.2.45.197 port = 30119
pass in quick log proto udp from 75.126.76.41 port = 30120 to 10.2.45.197 port = 30120
pass in quick log proto udp from 75.126.76.41 port = 30121 to 10.2.45.197 port = 30121

In /etc/ipf/ipnat.conf

rdr bge1:1 75.126.76.41/8 port 30118 -> 10.2.45.197 port 30118 udp
rdr bge1:1 75.126.76.41/8 port 30119 -> 10.2.45.197 port 30119 udp
rdr bge1:1 75.126.76.41/8 port 30120 -> 10.2.45.197 port 30120 udp
rdr bge1:1 75.126.76.41/8 port 30121 -> 10.2.45.197 port 30121 udp

This is my ipfstat -io output.

Am I going the right way? To apply changes in ipnat.conf, do we need a reboot?

Please suggest a way forward.

I think it can be done without a reboot with this:

ipnat -C -f /etc/ipf/ipnat.conf

To check if rules got imported to NAT table use:

ipnat -l

Thanks for reply. I am getting this error.

# ipnat -C -f /etc/ipf/ipnat.conf
0 entries flushed from NAT list
syntax error error at ":", line 1

It seems ipnat doesn't take an interface name containing ":". However, this is working fine:

rdr bge1 75.126.76.41/8 port 30118 -> 10.2.45.197 port 30118 udp

Hi People,

Just an update. I have achieved this. :)

There is no need for ipf rules here.

We only need to specify ipnat rules in ipnat.conf.

ipnat.conf

rdr bge1 75.126.76.41/8 port 30118 -> 10.2.45.197 port 30118 udp
rdr bge1 75.126.76.41/8 port 30119 -> 10.2.45.197 port 30119 udp
rdr bge1 75.126.76.41/8 port 30120 -> 10.2.45.197 port 30120 udp
rdr bge1 75.126.76.41/8 port 30121 -> 10.2.45.197 port 30121 udp

NOTE: ipnat rules do not work for virtual IPs.

Thanks to all.
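The steps the thread converged on (write rdr rules for each port, load them with ipnat -C -f, confirm with ipnat -l) pulled together as one script. This is an added example, not code posted by anyone in the thread. It builds the rules for the case in the original question (UDP 3001-3004 arriving on 10.2.45.200, redirected to the same ports on 10.2.45.197), assumes the physical interface is bge1, and checks the file for the one syntax error the thread ran into: a logical interface name such as bge1:1, which ipnat rejects with "syntax error error at ":"". Two details worth knowing when reading the rules posted above: in an rdr rule the address before the first "port" is the destination address the incoming packet carries, not its source, and a mask like 75.126.76.41/8 matches the whole 75.0.0.0/8 network, so the example below uses the host's own address with /32. The Solaris commands are only printed, not executed, so the script runs anywhere.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Generates ipnat.conf rdr rules for a list of UDP ports, lints them for
# the logical-interface mistake (bge1:1) that ipnat rejects, and prints
# the commands that load the file without a reboot.
# Assumptions: interface bge1; 10.2.45.200 is this host, 10.2.45.197 the
# target (addresses and ports taken from the original question).

# gen_rdr_rules IFACE DADDR/MASK TARGET PROTO PORT...
# One rdr rule per port. DADDR/MASK is the destination address of the
# packet as it arrives (an address on this host); TARGET is where the
# packet is redirected. The port number is kept the same on both sides.
gen_rdr_rules() {
    iface=$1; daddr=$2; target=$3; proto=$4; shift 4
    for port in "$@"; do
        printf 'rdr %s %s port %s -> %s port %s %s\n' \
            "$iface" "$daddr" "$port" "$target" "$port" "$proto"
    done
}

# lint_ipnat_conf FILE
# Returns 1 if any map/rdr/bimap rule names a logical interface (bge1:1).
# ipnat only accepts the physical interface name; the address configured
# on the logical interface is matched through the DADDR/MASK field instead.
# Blank lines and '#' comments are skipped.
lint_ipnat_conf() {
    file=$1
    status=0
    while IFS= read -r line; do
        case "$line" in
            ''|'#'*) continue ;;
        esac
        set -- $line
        case "$1" in
            map|rdr|bimap)
                case "$2" in
                    *:*)
                        echo "$1 rule: logical interface '$2' is not accepted by ipnat; use '${2%%:*}'" >&2
                        status=1 ;;
                esac ;;
        esac
    done < "$file"
    return $status
}

# apply_commands FILE
# Prints the steps to load and verify the rules on the Solaris host
# (run as root there; not executed here).
apply_commands() {
    cat <<EOF
svcadm enable ipfilter     # ipfilter must be online before ipnat rules apply
ipnat -C -f $1             # flush the current NAT rule list, load this file
ipnat -l                   # list the active rules and current translations
ipnat -s                   # NAT statistics: rule hits, mapping counts, errors
EOF
}

conf=${1:-/tmp/ipnat.conf.new}
gen_rdr_rules bge1 10.2.45.200/32 10.2.45.197 udp 3001 3002 3003 3004 > "$conf"
if lint_ipnat_conf "$conf"; then
    echo "# generated $conf:"
    cat "$conf"
    echo "# to apply:"
    apply_commands "$conf"
else
    echo "fix $conf before loading it" >&2
fi
```

Copy the generated file to /etc/ipf/ipnat.conf on the Solaris host before running the printed commands, so the rules survive the next boot; ipnat -C -f loads them immediately, but the ipfilter service reads /etc/ipf/ipnat.conf when it starts.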