SUMMARY: calling ipfilter guru's

From: Luke Hinds <Luke.Hinds_at_mformation.com>
Date: Tue Feb 07 2006 - 12:34:12 EST
Hi All,

Well, as many pointed out, it was as simple as placing my rule in the
ipnat.conf rather than ipconf.conf :)

Also thanks to John Benjamins who helped with the syntax:

rdr hme0 0.0.0.0/0 port 80 -> 10.0.7.11 port 8080

Cheers all,
Luke

-----Original Message-----
From: sunmanagers-bounces@sunmanagers.org
[mailto:sunmanagers-bounces@sunmanagers.org] On Behalf Of Luke Hinds
Sent: 07 February 2006 15:57
To: sunmanagers@sunmanagers.org
Subject: calling ipfilter guru's

Hi Managers,

I need to set up ipfilter to do the following.

I have a WebServer listening on port 8080. I wish to redirect port 80 on
the same host to port 8080 where http is listening.

I have enabled IPV4 forwarding:

$ routeadm
              Configuration   Current              Current
                     Option   Configuration        System State
---------------------------------------------------------------
            IPv4 forwarding   enabled              enabled


I have enabled the correct interface.

# IP Filter pfil autopush setup
#
# See autopush(1M) manpage for more information.
#
# Format of the entries in this file is:
#
#major  minor lastminor modules

#le     -1      0       pfil
#qe     -1      0       pfil
hme     -1      0       pfil
#qfe    -1      0       pfil
#eri    -1      0       pfil
#ce     -1      0       pfil
#bge    -1      0       pfil
#be     -1      0       pfil
#vge    -1      0       pfil
#ge     -1      0       pfil
#nf     -1      0       pfil
#fa     -1      0       pfil
#ci     -1      0       pfil
#el     -1      0       pfil
#ipdptp -1      0       pfil
#lane   -1      0       pfil
#dmfe   -1      0       pfil

# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 2
        inet 10.0.7.11 netmask ffffff00 broadcast 10.0.7.255
        ether 8:0:20:c6:30:aa

Here is my rule (which is where I am sure I am going wrong):

# ipf.conf
#
# IP Filter rules to be loaded during startup
#
# See ipf(4) manpage for more information on
# IP Filter rules syntax.
rdr 0.0.0.0/0 port 80 -> 10.0.7.11 port 8080 tcp


I reboot the machine:

$ svcs -x
svc:/network/ipfilter:default (IP Filter)
 State: maintenance since Tue Feb 07 15:42:45 2006
Reason: Start method failed repeatedly, last exited with status 1.
   See: http://sun.com/msg/SMF-8000-KS
   See: ipfilter(5)
   See: /etc/svc/volatile/network-ipfilter:default.log
   See: /var/svc/log/network-ipfilter:default.log
Impact: This service is not running.

# cat /var/svc/log/network-ipfilter:default.log
[ Feb  2 12:12:58 Disabled. ]
[ Feb  2 12:12:58 Rereading configuration. ]
[ Feb  7 14:47:54 Enabled. ]
[ Feb  7 14:47:54 Executing start method ("/lib/svc/method/ipfilter start") ]
pfil not configured for firewall/NAT operation
syntax error error at "10", line 8
/lib/svc/method/ipfilter: load of /etc/ipf/ipf.conf into alternate set failed
Not switching config due to load error.
[ Feb  7 14:47:55 Method "start" exited with status 1 ]
[ Feb  7 14:47:55 Executing start method ("/lib/svc/method/ipfilter start") ]
pfil not configured for firewall/NAT operation
syntax error error at "10", line 8
/lib/svc/method/ipfilter: load of /etc/ipf/ipf.conf into alternate set failed
Not switching config due to load error.
[ Feb  7 14:47:56 Method "start" exited with status 1 ]
[ Feb  7 14:47:56 Executing start method ("/lib/svc/method/ipfilter start") ]
pfil not configured for firewall/NAT operation
syntax error error at "10", line 8
/lib/svc/method/ipfilter: load of /etc/ipf/ipf.conf into alternate set failed
Not switching config due to load error.
[ Feb  7 14:47:56 Method "start" exited with status 1 ]

If I reboot without my rule, none of the above errors are shown.

Any help appreciated in advance,

Luke
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Tue Feb 7 12:34:54 2006
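
Added example (not part of the original post or of IP Filter itself): a small pre-load check for the mistake resolved in this thread, a NAT rule placed in the packet-filter rules file. The function name misplaced_nat_rules and the sample file are constructed for illustration; the keywords it matches (rdr, map, bimap, map-block) are the rule types that ipnat loads.

```shell
#!/bin/sh
# Added example: flag NAT rules found in an IP Filter packet-filter
# rules file (ipf.conf). ipf rejects them with a syntax error, which
# leaves the ipfilter service in maintenance; they belong in ipnat.conf.

# Print "file:lineno: rule" for every misplaced NAT rule.
# Returns 0 when the file is clean, 1 when at least one was found.
misplaced_nat_rules() {
    awk -v f="$1" '
        {
            line = $0
            sub(/#.*/, "", line)          # drop comments
            sub(/^[ \t]+/, "", line)      # drop leading blanks
            n = split(line, w, /[ \t]+/)  # first word is the rule type
        }
        n > 0 && w[1] ~ /^(rdr|map|bimap|map-block)$/ {
            printf "%s:%d: %s\n", f, NR, line
            bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the rdr rule from the post above, next to one
# ordinary filter rule, written to a scratch ipf.conf.
tmp=$(mktemp -d)
cat > "$tmp/ipf.conf" <<'EOF'
# ipf.conf
pass in quick on hme0 proto tcp from any to any port = 8080 keep state
rdr 0.0.0.0/0 port 80 -> 10.0.7.11 port 8080 tcp
EOF

misplaced_nat_rules "$tmp/ipf.conf" ||
    echo "NAT rules listed above must be moved to ipnat.conf"
rm -rf "$tmp"
```

Running it against the real ipf.conf before restarting the service catches the rule before the start method fails on it.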

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:55 EST