RE: Easy port forwarding question

Old 08-08-2006
Mann, Bradley
 

"You mention you are using Solaris - Don't expect a redirect to ever make
it to localhost, it doesn't work."

-Does this mean that there is not a solution to my problem? I have only
two interfaces on the machine: bge0 and lo0 (loopback). I need an
external machine connecting to port 80 to be redirected to port 8080 on
the machine running the webserver and ipfilter.

Thanks,

Brad Mann
Software Engineer - Information Access Services
HARRIS Corporation / GCSD
(321) 984-6292

-----Original Message-----
From: owner-ipfilter@coombs.anu.edu.au
[mailto:owner-ipfilter@coombs.anu.edu.au] On Behalf Of Larry Moore
Sent: Tuesday, August 08, 2006 10:22 AM
To: ipfilter@coombs.anu.edu.au
Subject: Re: Easy port forwarding question

Mann, Bradley wrote:
> The webserver is also listening on localhost:8080 as far as I know. If I
> open a browser and navigate to http://localhost:8080 on the server
> machine, I am able to access my web page. However, these rules appear to
> have no effect:
>
> rdr bge0 0.0.0.0/0 port 80 -> 0.0.0.0 port 8080
> rdr bge0 0.0.0.0/0 port 443 -> 0.0.0.0 port 8443
>
> Can you see any reason why these shouldn't work?
>



You mention you are using Solaris - Don't expect a redirect to ever make
it to localhost, it doesn't work.

That aside, why do you define the destination address as 0.0.0.0 -
surely that is going to fail.

I would suggest you remove ipf rules from the equation by not loading
them or at least not defining any and only having ipnat rules.

The following works for me on an OpenBSD 3.3 system with IP Filter
3.4.35 installed.

rdr sis0 0/0 port 80 -> 192.168.54.9 port 8080

where sis0 is my internal interface and 192.168.54.9 is the address of
sis0.

httpd is only listening on port 8080 and it works - see trimmed output
from ipnat -l.


bash-2.05b# ipnat -l |grep 80 ; netstat -anf inet | grep 80
rdr sis0 0.0.0.0/0 port 80 -> 192.168.54.9 port 8080 tcp
RDR 192.168.54.9 8080 <- -> 192.168.54.9 80 [192.168.54.114 2766]
RDR 192.168.54.9 8080 <- -> 192.168.54.9 80 [192.168.54.114 2765]
tcp 0 0 192.168.54.9.8080 192.168.54.114.2766 ESTABLISHED
tcp 0 0 192.168.54.9.8080 192.168.54.114.2765 ESTABLISHED
tcp 0 0 *.8080 *.* LISTEN

Have you verified with a browser that http://<ip-address of bge0>:8080
works?

Larry.
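
The manual check in the reply above (compare the rdr rule, the RDR session entries and the listening socket), written as a script. This is an added example, not part of the original thread or of IP Filter; the function name check_redirects and the report fields are hypothetical, and the sample input is the output quoted above with its line wraps rejoined.

```python
import re

# Output copied from the thread above (line wraps rejoined).
SAMPLE = """\
rdr sis0 0.0.0.0/0 port 80 -> 192.168.54.9 port 8080 tcp
RDR 192.168.54.9 8080 <- -> 192.168.54.9 80 [192.168.54.114 2766]
RDR 192.168.54.9 8080 <- -> 192.168.54.9 80 [192.168.54.114 2765]
tcp 0 0 192.168.54.9.8080 192.168.54.114.2766 ESTABLISHED
tcp 0 0 192.168.54.9.8080 192.168.54.114.2765 ESTABLISHED
tcp 0 0 *.8080 *.* LISTEN
"""

RULE = re.compile(r"rdr\s+(\S+)\s+\S+\s+port\s+(\d+)\s+->\s+(\S+)\s+port\s+(\d+)")
SESSION = re.compile(r"RDR\s+(\S+)\s+(\d+)\s+<-\s+->\s+\S+\s+\d+\s+\[")
LISTEN = re.compile(r"tcp\s+\d+\s+\d+\s+(\S+)\.(\d+)\s+\S+\s+LISTEN")


def check_redirects(text):
    """Return one report dict per rdr rule found in the combined output."""
    rules, sessions, listeners = [], [], []
    for line in map(str.strip, text.splitlines()):
        if m := RULE.match(line):
            rules.append(m.groups())
        elif m := SESSION.match(line):
            sessions.append(m.groups())      # (redirect target, target port)
        elif m := LISTEN.match(line):
            listeners.append(m.groups())     # (local address or "*", port)

    reports = []
    for ifname, port, target, tport in rules:
        warnings = []
        # Assumption taken from the reply above, not verified here: a loopback
        # or 0.0.0.0 target is the first thing to rule out.
        if target == "0.0.0.0" or target.startswith("127."):
            warnings.append("target %s is loopback or unspecified" % target)
        listening = any(p == tport and a in ("*", target) for a, p in listeners)
        if not listening:
            warnings.append("nothing listening on %s:%s" % (target, tport))
        reports.append({
            "rule": "%s:%s -> %s:%s" % (ifname, port, target, tport),
            "listening": listening,
            "active_sessions": sessions.count((target, tport)),
            "warnings": warnings,
        })
    return reports


if __name__ == "__main__":
    for report in check_redirects(SAMPLE):
        print(report)
```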

