what am i doing wrong?

10-20-2005
Sandwich Maker
 

solaris 8 64 bit, ipfilter 3.4.35.

filtering has been working fine since i launched this machine last
november, though i've changed the rules a few times. but now i want
to add nat so that a w98 notebook can share my [static ip] dialup, and
that -isn't- working.

the two systems talk to each other fine over my network. when i try
to reach outside from the notebook, snoop sees outgoing packets and
replies but ipfstat -t sees nothing, and the notebook sees nothing
also.

# ipfstat -ion
@1 pass out on ipdptp0 proto tcp/udp from 0/32 to any keep state
@2 pass out on ipdptp0 proto icmp from 0/32 to any keep state
@1 block in log quick on ipdptp0 proto icmp from any to 0/32
@2 block in log quick from any to any with ipopt
@3 block in log quick proto tcp from any to any with short
@4 block in on ipdptp0 from any to any
@5 pass in on ipdptp0 proto tcp from 208.218.130.0/27 to 0/32 port = 25 flags S/FSRPAU keep state keep frags
@6 pass in on ipdptp0 proto tcp from any to 0/32 port > 32767 flags S/FSRPAU keep state keep frags head 100
@1 block in from 0.0.0.0/8 to any group 100
@2 block in from 10.0.0.0/8 to any group 100
@3 block in from 127.0.0.0/8 to any group 100
@4 block in from 169.154.0.0/16 to any group 100
@5 block in from 172.16.0.0/12 to any group 100
@6 block in from 192.0.2.0/24 to any group 100
@7 block in from 192.168.0.0/16 to any group 100
@8 block in from 0/32 to any group 100
@9 block in from 224.0.0.0/3 to any group 100

# ipnat -l
List of active MAP/Redirect filters:
map ipdptp0 10.0.0.0/8 -> 0/32 portmap tcp/udp auto
map ipdptp0 10.0.0.0/8 -> 0/32

i've also tried a couple of map proxies - ftp, raudio - but they
didn't make a difference. neither did specifying port 32768:65535.

btw, i edited my external ip here to be 0/32 but i use my actual ip in
my rules. as i said, it's static, so should be irrelevant...
________________________________________________________________________
Andrew Hay                                  the genius nature
internet rambler                            is to see what all have seen
adh@an.bradford.ma.us                       and think what none thought