Gary Mills wrote:
I'm using ipfilter 4.1.13 on a Solaris 9 machine that has only one
ethernet interface. I'd like to intercept TCP packets arriving on
that interface for a specific port and redirect them to another
machine on the same network. I only want to alter the destination
IP address, leaving the source IP address intact so that client
logging will work correctly. I've tested a few ipfilter rules that
I expected to work, but none of them did:
rdr hme0 0.0.0.0/0 port 23 -> xxx.yyy.16.57 port 23
block in quick on hme0 to hme0:xxx.yyy.16.57 proto tcp from any to any
port = 23
block in quick on hme0 dup-to hme0:xxx.yyy.16.57 proto tcp from any to
any port = 23
http://www.phildev.net/ipf/IPFprob.html#prob8
I've since read that this is impossible, because the kernel can't route
a packet back to the interface on which it just arrived.
if the kernel can't or doesn't want to do it, get a userland
program to do it.
e.g.
http://marc.theaimsgroup.com/?l=ipfilter&w=2&r=1&s=bounce&q=b
leads to
http://marc.theaimsgroup.com/?l=ipfilter&m=105309920505392&w=2
leading to things like
http://www.freshports.org/net/bounce
http://gatekeeper.dec.com/pub/BSD/NetBSD/NetBSD-current/pkgsrc/net/bounce/README.html
and even
http://locutus.kingwoodcable.com/jfd/java/tcp/tcp.html
> Is there really
no way to accomplish this with ipfilter? It seems so simple!
though it may be simple it is not a function of ipfilter.
jim
|