This is a discussion on solaris and ipfilter 4.1.8 within the IPFilter forums, part of the System Security and Security Related category.

Ok. I am sooo close here, but cannot figure out what's missing...

I use pppd to connect pppoe to my ISP and I see the sppp0 created and that looks fine. So I think my ppp config is cool. I have 8 static IPs with 5 routable... for sake of discussion that is 207.227.112.169/29 with 207.227.112.174 being the router IP.

I have set up ipnat as such (keep it simple to start):

    map sppp0 192.168.82.0/24 -> 207.227.112.169/32 portmap tcp/udp auto
    map sppp0 192.168.82.0/24 -> 207.227.112.169/32

This ideally should send ANY traffic out from my clients to the WAN using that specific public IP.

Then I did a basic ipfilter:

=========================================
bge0=lan interface on router
bge1=interface to DSL modem

    # Allow traffic on lo0/bge0 to pass unimpeded
    pass in quick on lo0 all
    pass out quick on lo0 all
    pass in quick on bge0 all
    pass out quick on bge0 all
    # --------------------------------------------------------------
    # That which is not explicitly allowed is forbidden
    block in log on sppp0 all
    # --------------------------------------------------------------
    # TCP/UDP Protocols
    pass out quick on sppp0 proto tcp from 192.168.82.0/24 to any keep state
    pass out quick on sppp0 proto udp from 192.168.82.0/24 to any keep state
============================================

Again, real simple for testing. Well, I start up ppp and then pfil and ipfilter - all run under SMF with no errors... so I am cool there. However, the only machine that actually has outside access is the router itself and it assumes the router IP (which I don't even map at this time).

ipnat -l:

    # ipnat -l
    List of active MAP/Redirect filters:
    map sppp0 192.168.82.0/24 -> 207.227.112.169/32 portmap tcp/udp auto
    map sppp0 192.168.82.0/24 -> 207.227.112.169/32

    List of active sessions:

ipfstat -hio:

    # ipfstat -hio
    0 pass out quick on lo0 all
    168 pass out quick on bge0 all
    0 pass out quick on sppp0 proto tcp from 192.168.82.0/24 to any keep state
    0 pass out quick on sppp0 proto udp from 192.168.82.0/24 to any keep state
    0 pass in quick on lo0 all
    284 pass in quick on bge0 all
    0 block in log on sppp0 all

....so it looks like I did things right... so what am I missing? I added 'ifconfig bge0 router' and even then tried 'ifconfig sppp0 router' to force ip_forwarding on... and it made no difference.

Any thoughts on how I go about trying to see what stooopid thing I am missing?

Jeff
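
Added example, not part of the original post: a small shell/awk helper that totals the per-rule hit counts from the `ipfstat -hio` listing quoted above by interface and direction, so interfaces whose rules no packet has ever matched stand out. The function names are hypothetical, and the sample input is the listing from the post.

```shell
#!/bin/sh
# Added example: per-interface hit totals from `ipfstat -hio` output.
# Each line is "<hit count> <rule text>"; the interface follows the "on" keyword.

# Sample input: the rule listing exactly as posted above.
sample_ipfstat() {
cat <<'EOF'
0 pass out quick on lo0 all
168 pass out quick on bge0 all
0 pass out quick on sppp0 proto tcp from 192.168.82.0/24 to any keep state
0 pass out quick on sppp0 proto udp from 192.168.82.0/24 to any keep state
0 pass in quick on lo0 all
284 pass in quick on bge0 all
0 block in log on sppp0 all
EOF
}

# Reads ipfstat -hio text on stdin; prints "iface direction rules hits", sorted.
hits_by_interface() {
    awk '
    $1 ~ /^[0-9]+$/ {
        dir = ""; ifc = ""
        for (i = 2; i <= NF; i++) {
            if (dir == "" && ($i == "in" || $i == "out")) dir = $i
            if ($i == "on" && i < NF) { ifc = $(i + 1); break }
        }
        if (ifc == "" || dir == "") next   # skip rules not bound to an interface
        key = ifc " " dir
        rules[key]++; hits[key] += $1
    }
    END { for (k in rules) print k, rules[k], hits[k] }' | sort
}

# Prints interfaces on which no rule, in either direction, has been hit.
idle_interfaces() {
    hits_by_interface | awk '
    { total[$1] += $4 }
    END { for (i in total) if (total[i] == 0) print i }' | sort
}

# Live use on the router would be: ipfstat -hio | hits_by_interface
if [ "${1:-}" = "--demo" ]; then
    sample_ipfstat | hits_by_interface
    sample_ipfstat | idle_interfaces
fi
```

On the posted listing this reports lo0 and sppp0 as idle: every sppp0 rule, including both `keep state` pass rules, has a hit count of 0, while bge0 shows 168 out and 284 in.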