I wrote:
>I'm having trouble setting up Solaris 10 ipfilter and ipnat to function as a
>firewall/router for my internal network. (The same physical box works
>perfectly
>for this purpose when booted in RedHat Linux.)
Thanks to Peter.Ondruska@intese.cz, "Andy Harrison" <aharrison@gmail.com>, and
Rich Teer <rich.teer@rite-group.com>
Peter pointed out I needed an ipf.conf rule for the internal interface, like
this:
pass in quick on elxl0 from 192.168.252.0/255.255.255.0 to any keep state
I'd mistakenly thought ipfilter would pass such by default.
Rich referred me his article at http://www.rite-group.com/rich/solaris_nat.html
which focuses on ipnat.conf, rather than ipf.conf
Andy reminded me to check the forwarding status of the interfaces:
ndd -get /dev/tcp ip_forwarding
I'd mentioned the new Solaris 10 'routeadm' utility, which lets you set this
(and other related network stuff) up with a unified interface.
--
Tim Evans, TKEvans.com, Inc. | 5 Chestnut Court
tkevans@tkevans.com | Owings Mills, MD 21117
http://www.tkevans.com/ | 443-394-3864
http://www.come-here.com/News/ |
|