Solaris / OpenSolarisThis forum is for the discussion of Solaris, OpenSolaris, OpenIndiana, and illumos.
General Sun, SunOS and Sparc related questions also go here. Any Solaris fork or distribution is welcome.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I am looking out a way to forward all UDP traffic coming on ports 3001,3002,3003 and 3004 on server 10.2.45.100
to corresponding ports of server 10.2.45.101.
I am using Solaris 10.0.
Code:
-bash-3.00$ uname -a
SunOS airtelussd2 5.10 Generic_127127-11 sun4u sparc SUNW,Sun-Fire-V445
Is there someway out in Solaris to accomplish this ?
Thanks a ton Jlliagre for you reply. I was just googling ipfilters only.
I have a little confusion, what kind of rules are defined in ipnat.conf and and Packet Config. File (/etc/ipf/ipf.conf).
To accomplish my task, would this be enough in ipnat.conf ? Do I need to write some rules in ipf.conf too ?
Code:
rdr bge1:1 75.126.76.41/8 port 30118 -> 10.2.45.101 port 30118 udp
rdr bge1:1 75.126.76.41/8 port 30119 -> 10.2.45.101 port 30119 udp
rdr bge1:1 75.126.76.41/8 port 30120 -> 10.2.45.101 port 30120 udp
rdr bge1:1 75.126.76.41/8 port 30121 -> 10.2.45.101 port 30121 udp
Please suggest.
Last edited by vikas027; 10-10-2009 at 09:03 AM.
Reason: missed something.
I believe you are in a better position than anyone else to answer your own question. Did you try this configuration ? What was the result ?
I tried writing rules both in ipf.conf and ipnat.conf. Here, are these.
ipf.conf
Code:
pass in quick log proto udp from 75.126.76.41 port = 30118 to 10.2.45.197 port = 30118
pass in quick log proto udp from 75.126.76.41 port = 30119 to 10.2.45.197 port = 30119
pass in quick log proto udp from 75.126.76.41 port = 30120 to 10.2.45.197 port = 30120
pass in quick log proto udp from 75.126.76.41 port = 30121 to 10.2.45.197 port = 30121
ipnat.conf
Code:
rdr bge1:1 75.126.76.41/8 port 30118 -> 10.2.45.197 port 30118 udp
rdr bge1:1 75.126.76.41/8 port 30119 -> 10.2.45.197 port 30119 udp
rdr bge1:1 75.126.76.41/8 port 30120 -> 10.2.45.197 port 30120 udp
rdr bge1:1 75.126.76.41/8 port 30121 -> 10.2.45.197 port 30121 udp
I have enabled rules in ipf.conf
Code:
# ipfstat -io
empty list for ipfilter(out)
pass in log quick proto udp from 75.126.76.41/32 port = 30118 to 10.2.45.197/32 port = 30118
pass in log quick proto udp from 75.126.76.41/32 port = 30119 to 10.2.45.197/32 port = 30119
pass in log quick proto udp from 75.126.76.41/32 port = 30120 to 10.2.45.197/32 port = 30120
pass in log quick proto udp from 75.126.76.41/32 port = 30121 to 10.2.45.197/32 port = 30121
BUT, unable to apply rules of ipnat.conf, I am getting this error.
Code:
# ipnat -C -f ipnat.conf
0 entries flushed from NAT list
syntax error error at ":", line 1
Seems like it ipnat doesn't takes interface name with ":". However, this is working fine.
Code:
rdr bge1 75.126.76.41/8 port 30118 -> 10.2.45.197 port 30118 udp
Distribution: Solaris 11.4, Oracle Linux, Mint, Debian/WSL
Posts: 9,789
Rep:
I don't see what is the purpose of the ipf.conf rules. The firewall passes all traffic by default so it shouldn't change anything to explicitly allow traffic when none is blocked.
About bge1:1, the documentation indeed states interfaces must not be virtual ones. Using bge1 shouldn't be a problem. Aren't the ports forwarded with you latest settings ?
I don't see what is the purpose of the ipf.conf rules. The firewall passes all traffic by default so it shouldn't change anything to explicitly allow traffic when none is blocked.
About bge1:1, the documentation indeed states interfaces must not be virtual ones. Using bge1 shouldn't be a problem. Aren't the ports forwarded with you latest settings ?
Hi,
Actually, I have these two interfaces on my system, and UDP traffic is coming on 10.2.45.200. So, I believe putting bge1 in ipnat.conf will not serve my purpose.
Code:
bge1: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 3
inet 0.0.0.0 netmask ff000000 broadcast 0.255.255.255
groupname ipmp0
ether 0:14:4f:c4:79:bd
bge1:1: flags=1140843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,ROUTER,IPv4> mtu 1500 index 3
inet 10.2.45.200 netmask ffffff80 broadcast 10.2.45.255
That's what I'm trying to explain. Traffic coming on 10.2.45.200 will pass through the bge1 physical interface.
Okay, now I understand.
So, I believe this should help me out.
Code:
# ipnat -l
List of active MAP/Redirect filters:
rdr bge1 75.0.0.0/8 port 30118 -> 10.2.45.197 port 30118 udp
rdr bge1 75.0.0.0/8 port 30119 -> 10.2.45.197 port 30119 udp
rdr bge1 75.0.0.0/8 port 30120 -> 10.2.45.197 port 30120 udp
rdr bge1 75.0.0.0/8 port 30121 -> 10.2.45.197 port 30121 udp
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
Port/IP Forwarding in Solaris 10.0
