Hi All,

Well as many pointed out it was as simple as placing my rule in the ipnat.conf rather than ipconf.conf :)

Also thanks to John Benjamins who helped with the syntax:

rdr hme0 0.0.0.0/0 port 80 -> 10.0.7.11 port 8080

Cheers all,

Luke

-----Original Message-----
From: sunmanagers-bounces@sunmanagers.org [mailto:sunmanagers-bounces@sunmanagers.org] On Behalf Of Luke Hinds
Sent: 07 February 2006 15:57
To: sunmanagers@sunmanagers.org
Subject: calling ipfilter guru's

Hi Managers,

I need to set up ipfilter to do the following.

I have a WebServer listening on port 8080. I wish to redirect port 80 on the same host to port 8080 where http is listening.

I have enabled IPV4 forwarding:

$ routeadm
              Configuration   Current              Current
                     Option   Configuration        System State
---------------------------------------------------------------
            IPv4 forwarding   enabled              enabled

I have enabled the correct interface.

# IP Filter pfil autopush setup
#
# See autopush(1M) manpage for more information.
#
# Format of the entries in this file is:
#
#major  minor   lastminor       modules
#le     -1      0       pfil
#qe     -1      0       pfil
hme     -1      0       pfil
#qfe    -1      0       pfil
#eri    -1      0       pfil
#ce     -1      0       pfil
#bge    -1      0       pfil
#be     -1      0       pfil
#vge    -1      0       pfil
#ge     -1      0       pfil
#nf     -1      0       pfil
#fa     -1      0       pfil
#ci     -1      0       pfil
#el     -1      0       pfil
#ipdptp -1      0       pfil
#lane   -1      0       pfil
#dmfe   -1      0       pfil

# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 2
        inet 10.0.7.11 netmask ffffff00 broadcast 10.0.7.255
        ether 8:0:20:c6:30:aa

Here is my rule (which is where I am sure I am going wrong):

# ipf.conf
#
# IP Filter rules to be loaded during startup
#
# See ipf(4) manpage for more information on
# IP Filter rules syntax.
rdr 0.0.0.0/0 port 80 -> 10.0.7.11 port 8080 tcp

I reboot the machine:

$ svcs -x
svc:/network/ipfilter:default (IP Filter)
 State: maintenance since Tue Feb 07 15:42:45 2006
Reason: Start method failed repeatedly, last exited with status 1.
   See: http://sun.com/msg/SMF-8000-KS
   See: ipfilter(5)
   See: /etc/svc/volatile/network-ipfilter:default.log
   See: /var/svc/log/network-ipfilter:default.log
Impact: This service is not running.

# cat /var/svc/log/network-ipfilter:default.log
[ Feb 2 12:12:58 Disabled. ]
[ Feb 2 12:12:58 Rereading configuration. ]
[ Feb 7 14:47:54 Enabled. ]
[ Feb 7 14:47:54 Executing start method ("/lib/svc/method/ipfilter start") ]
pfil not configured for firewall/NAT operation
syntax error error at "10", line 8
/lib/svc/method/ipfilter: load of /etc/ipf/ipf.conf into alternate set failed
Not switching config due to load error.
[ Feb 7 14:47:55 Method "start" exited with status 1 ]
[ Feb 7 14:47:55 Executing start method ("/lib/svc/method/ipfilter start") ]
pfil not configured for firewall/NAT operation
syntax error error at "10", line 8
/lib/svc/method/ipfilter: load of /etc/ipf/ipf.conf into alternate set failed
Not switching config due to load error.
[ Feb 7 14:47:56 Method "start" exited with status 1 ]
[ Feb 7 14:47:56 Executing start method ("/lib/svc/method/ipfilter start") ]
pfil not configured for firewall/NAT operation
syntax error error at "10", line 8
/lib/svc/method/ipfilter: load of /etc/ipf/ipf.conf into alternate set failed
Not switching config due to load error.
[ Feb 7 14:47:56 Method "start" exited with status 1 ]

If I reboot without my rule, none of the above errors are shown.

Any help appreciated in advance,

Luke
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

Received on Tue Feb 7 12:34:54 2006
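
Added example, not part of the original thread and not code from IP Filter: a shell check for the mistake resolved above, where a NAT rule (rdr, map, bimap, map-block) sits in the filter rules file instead of ipnat.conf. The function name misplaced_nat_rules and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: find NAT rules that were put in the packet-filter rules
# file (ipf.conf) instead of ipnat.conf, before the service tries to load it.

# misplaced_nat_rules FILE   (hypothetical helper name)
# Prints "LINE: rule" for every rule whose first word is an ipnat keyword
# (rdr, map, bimap, map-block). Exit status is 1 if any were found, else 0.
misplaced_nat_rules() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
        $1 ~ /^(rdr|map|bimap|map-block)$/ {
            printf "%d: %s\n", NR, $0
            found = 1
        }
        END { exit found + 0 }
    ' "$1"
}

# Constructed sample: the ipf.conf shown in the thread, rule included.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# ipf.conf
#
# IP Filter rules to be loaded during startup
#
# See ipf(4) manpage for more information on
# IP Filter rules syntax.
rdr 0.0.0.0/0 port 80 -> 10.0.7.11 port 8080 tcp
EOF

if report=$(misplaced_nat_rules "$sample"); then
    echo "no NAT rules found in the filter rules file"
else
    echo "NAT rules found in the filter rules file, move them to ipnat.conf:"
    echo "$report"
fi
rm -f "$sample"
```
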