Re: Getting ipfilter to work on Solaris 10

02-16-2005
Albert Bachmann
 

Since the advice is starting to repeat, I will summarize what I have done so
far...

My NIC is a National Semiconductor DP83815 ethernet card. Since Solaris
10 doesn't support this NIC I had to install the driver generously
provided by Masayuki Murayama from
http://homepage2.nifty.com/mrym3/taiyodo/eng/index.htm.

I can successfully establish ADSL connections with Solaris 10's built-in
pppd and pppoe. Here are my actual settings:

root@athene ~ # grep -v '^#' /etc/ppp/options
lock
plink
usepeerdns

root@athene ~ # grep -v '^#' /etc/ppp/peers/dsl
sppptun
plugin pppoe.so
connect "/usr/lib/inet/pppoec sfe1"
persist
user "007823424083453"
noauth
noipdefault
defaultroute
noccp
noaccomp
novj
nopcomp
nolog

root@athene ~ # grep -v '^#' /etc/ipf/pfil.ap
sfe -1 0 pfil
sppp -1 0 pfil

root@athene ~ # grep -v '^#' /etc/ipf/ipf.conf
block in all
block out all

root@athene ~ # ipfstat -hio
0 block out all
0 block in all

root@athene ~ # svcs pfil ipfilter
STATE STIME FMRI
online 16:19:57 svc:/network/pfil:default
online 16:20:02 svc:/network/ipfilter:default

root@athene ~ # ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
sfe1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.0.2 netmask ffffff00 broadcast 192.168.0.255
        ether 0:2:e3:18:a6:ce
sppp0: flags=10010008d1<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST,IPv4,FIXEDMTU> mtu 1492 index 3
        inet 62.226.237.234 --> 217.5.98.147 netmask ff000000

root@athene ~ # ifconfig sfe1 modlist
0 arp
1 ip
2 pfil
3 sfe

root@athene ~ # ifconfig sppp0 modlist
0 ip
1 sppp

root@athene ~ # ifconfig sppp0 modinsert pfil@1
root@athene ~ # ifconfig sppp0 modlist
0 ip
1 pfil
2 sppp

In any case, my network traffic seems to be unaffected. I usually check
for port 111 being open with the help of an external port scanner and it
always reports 111 as open. I tried newer ipfilter and pfil versions and
it basically worked. However, I experience system panics with them.

Regards,
Albert
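
Added example, not part of Albert's post: a shell check that automates the `ifconfig <if> modlist` inspection shown above and lists every interface whose STREAMS stack has no pfil module below ip, as sppp0 did before the modinsert. The function names and the MODLIST_DIR override are hypothetical, and the position test is an assumption drawn from the post's own listings.

```shell
#!/bin/sh
# Added example: find interfaces whose STREAMS stack lacks pfil.
# Input format is the `ifconfig <if> modlist` output shown in the post:
# one "<index> <module>" pair per line, top of the stack first.

# has_pfil: reads a modlist on stdin. Succeeds only if pfil is present
# at a higher index than ip (assumption taken from the post's listings,
# where pfil sits between ip and the driver).
has_pfil() {
    awk '
        $2 == "ip"   { ip = $1 + 0; seen_ip = 1 }
        $2 == "pfil" { pf = $1 + 0; seen_pf = 1 }
        END { exit !(seen_ip && seen_pf && pf > ip) }
    '
}

# modlist_of IF: prints the module list of one interface.
# If MODLIST_DIR is set (hypothetical override for offline use), the
# list is read from a file named after the interface instead.
modlist_of() {
    if [ -n "$MODLIST_DIR" ]; then
        cat "$MODLIST_DIR/$1"
    else
        ifconfig "$1" modlist
    fi
}

# unfiltered IF...: prints each interface that would bypass ipfilter
# because pfil is missing from its stack.
unfiltered() {
    for ifc in "$@"; do
        modlist_of "$ifc" | has_pfil || echo "$ifc"
    done
}

# Sample input copied from the post: sfe1, and sppp0 before modinsert.
MODLIST_DIR=$(mktemp -d)
printf '0 arp\n1 ip\n2 pfil\n3 sfe\n' > "$MODLIST_DIR/sfe1"
printf '0 ip\n1 sppp\n'               > "$MODLIST_DIR/sppp0"
unfiltered sfe1 sppp0    # prints: sppp0
```

With MODLIST_DIR unset, the same functions query the live interfaces through ifconfig.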

