LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Other *NIX Forums > Solaris / OpenSolaris
Reload this Page ipfilter with NAT question
User Name
Password
Solaris / OpenSolaris This forum is for the discussion of Solaris and OpenSolaris.
General Sun, SunOS and Sparc related questions also go here.

Notices

Reply
 
Thread Tools
Old 10-29-2009, 11:15 AM   #1
bradvan
Member
 
Registered: Mar 2009
Posts: 45
Thanked: 0
ipfilter with NAT question

[Log in to get rid of this advertisement]
Need to set up ipfilter on Solaris 10. All the systems behind the Solaris system are using the 192.168.0.0/24 network and have a one-to-one routeable address assigned to it. So, I set up NAT using the bimap keyword, one for each pairing. My question is about when does the NATing occur? That is, in my block and pass rules, do I use the "NATed" address or the 192.168 address?

Thanks!

Never mind. I find the answer in the ipfilter FAQ:

http://www.phildev.net/ipf/IPFques.html#ques11

Thanks!
Last edited by bradvan; 10-29-2009 at 12:38 PM.. Reason: Found the answer
windows_xp_2003 bradvan is offline     Reply With Quote
Old 10-29-2009, 10:03 PM   #2
choogendyk
Member
 
Registered: Aug 2007
Location: Massachusetts, USA
Distribution: Solaris 9 & 10, Mac OS X, Ubuntu Server
Posts: 854
Thanked: 34
You could also look at /usr/share/ipfilter/examples on your Solaris 10 system. That's loaded with examples, including basic NAT. Just thought I would note that for future reference, and to make this not a 0 reply thread.
macos choogendyk is offline     Reply With Quote
Thanked by:
Old 10-29-2009, 11:27 PM   #3
jlliagre
Moderator
 
Registered: Feb 2004
Location: Outside Paris, under a rock ...
Distribution: Solaris & OpenSolaris based distros, Ubuntu
Posts: 8,137
Thanked: 86
Interestingly, here is what I just found in one of these files:
Quote:
Originally Posted by /usr/share/ipfilter/examples/nat-setup
Filtering with NAT.
-------------------
IP Filter will always translate addresses in a packet _BEFORE_ it checks its
access list for inbound packets and translates addresses _AFTER_ it has
checked the access control lists for outbound packets.
solaris jlliagre is offline     Reply With Quote
Thanked by:
Old 10-30-2009, 06:09 AM   #4
bradvan
Member
 
Registered: Mar 2009
Posts: 45
Thanked: 0

Original Poster
Thanks, I didn't know that was there. I'll take a look.

Thanks again!
windows_xp_2003 bradvan is offline     Reply With Quote

Reply

Bookmarks


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
ipfilter with NAT question bradvan Linux - Security 1 10-29-2009 11:33 AM
Nat Question keyboard1973 Linux - Newbie 7 05-25-2009 02:49 AM
Nat Question keefaz Linux - Networking 3 08-25-2008 04:55 AM
nat question gubak Linux - Networking 2 03-01-2005 07:54 AM
Installing IPFILTER question satimis *BSD 2 05-22-2004 03:36 PM


All times are GMT -5. The time now is 12:21 PM.

Contact Us - Advertising Info - Rules - LQ Merchandise - Donations - Contributing Member - LQ Sitemap - LinuxQuestions.org - Linux Forums
Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
RSS2  LQ Podcast
RSS2  LQ Radio
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: @linuxquestions
Open Source Consulting | Domain Registration