IPfilter
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Need a one-armed port forwarder

from [Gary Mills] [Permanent Link][Original]
To: ipfilter@coombs.anu.edu.au
Subject: Need a one-armed port forwarder
From: Gary Mills <mills@cc.umanitoba.ca>
Date: Wed, 3 Jan 2007 20:21:52 -0600
Delivered-to: sp-com-lists@consult.net
Delivered-to: ipfilter-list@securepoint.com
Sender: owner-ipfilter@coombs.anu.edu.au
User-agent: Mutt/1.5.10i 
I'm using ipfilter 4.1.13 on a Solaris 9 machine that has only one
ethernet interface.  I'd like to intercept TCP packets arriving on
that interface for a specific port and redirect them to another
machine on the same network.  I only want to alter the destination
IP address, leaving the source IP address intact so that client
logging will work correctly.  I've tested a few ipfilter rules that
I expected to work, but none of them did:

        rdr hme0 0.0.0.0/0 port 23 -> xxx.yyy.16.57 port 23
        block in quick on hme0 to hme0:xxx.yyy.16.57 proto tcp from any to any 
port = 23
        block in quick on hme0 dup-to hme0:xxx.yyy.16.57 proto tcp from any to 
any port = 23

I've since read that this is impossible, because the kernel can't route
a packet back to the interface on which it just arrived.  Is there really
no way to accomplish this with ipfilter?  It seems so simple!

-- 
-Gary Mills-    -Unix Support-    -U of M Academic Computing and Networking-
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: IPFilter on Solaris 10, Corey Johnston
Next by Date:  Re: Need a one-armed port forwarder, Corey Johnston
Previous by Thread:  IPFilter on Solaris 10, Dave Ockwell-Jenner
Next by Thread:  Re: Need a one-armed port forwarder, Corey Johnston
Indexes:  [Date] [Thread] [Top] [All Lists]