SUMMARY: Help Needed with Solaris 10 (x86) ipfilter/ipnat

From: Tim Evans <>
Date: Sun Nov 05 2006 - 13:04:04 EST

I wrote:

>I'm having trouble setting up Solaris 10 ipfilter and ipnat to function as a 
>firewall/router for my internal network. (The same physical box works perfectly 
>for this purpose when booted in RedHat Linux.)

Thanks to, "Andy Harrison" <>, and 
Rich Teer <>

Peter pointed out I needed an ipf.conf rule for the internal interface, like:

pass in quick on elxl0 from to any keep state

I'd mistakenly thought ipfilter would pass such by default.

Rich referred me to his article at 
which focuses on ipnat.conf, rather than ipf.conf.

Andy reminded me to check the forwarding status of the interfaces:

ndd -get /dev/tcp ip_forwarding

I'd mentioned the new Solaris 10 'routeadm' utility, which lets you set this 
(and other related network stuff) up with a unified interface.
Tim Evans,, Inc.	|    5 Chestnut Court		|    Owings Mills, MD 21117		|    443-394-3864	|    
sunmanagers mailing list
Received on Sun Nov 5 13:04:45 2006
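
Added example, not part of the original post: a small lint check for the omission described above, listing which named interfaces have no active "pass in ... on <interface>" rule in an ipf.conf. The sample rule sets are constructed; the external interface name elxl1 and the 192.168.1.0/24 network are assumptions, since the post names only elxl0 and its source network is missing from the archive. Only plain "pass in" rules are matched, not rule groups.

```shell
#!/bin/sh
# ifaces_without_pass_in FILE IFACE...
# Prints each listed interface that has no active "pass in ... on IFACE" rule.
ifaces_without_pass_in() {
    conf=$1; shift
    for ifc in "$@"; do
        awk -v ifc="$ifc" '
            { sub(/#.*/, "") }      # drop comments so disabled rules do not count
            $1 == "pass" && $2 == "in" {
                # options such as "log" or "quick" may precede "on <ifname>"
                for (i = 3; i < NF; i++)
                    if ($i == "on" && $(i + 1) == ifc) found = 1
            }
            END { exit found ? 0 : 1 }
        ' "$conf" || printf '%s\n' "$ifc"
    done
}

# Constructed sample rule sets (assumed: elxl1 is the external interface,
# 192.168.1.0/24 is the internal network).
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/before.conf" <<'EOF'
# outbound allowed statefully, unsolicited inbound blocked on the outside
pass out quick on elxl1 from any to any keep state
block in on elxl1 all
# pass in quick on elxl0 from any to any    (commented out, so not active)
EOF
cp "$tmp/before.conf" "$tmp/after.conf"
echo 'pass in quick on elxl0 from 192.168.1.0/24 to any keep state' >> "$tmp/after.conf"

# elxl0 is reported before the rule is added and no longer reported afterwards;
# elxl1 is reported in both because this rule set never passes inbound traffic there.
echo "before: $(ifaces_without_pass_in "$tmp/before.conf" elxl0 elxl1 | tr '\n' ' ')"
echo "after:  $(ifaces_without_pass_in "$tmp/after.conf" elxl0 elxl1 | tr '\n' ' ')"
```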
