SUMMARY: Help Needed with Solaris 10 (x86) ipfilter/ipnat

I wrote:

>I'm having trouble setting up Solaris 10 ipfilter and ipnat to function as a
>firewall/router for my internal network. (The same physical box works perfectly
>for this purpose when booted in RedHat Linux.)

Thanks to Peter.Ondruska@intese.cz, "Andy Harrison" <aharrison@gmail.com>, and
Rich Teer <rich.teer@rite-group.com>

Peter pointed out I needed an ipf.conf rule for the internal interface, like
this:

pass in quick on elxl0 from 192.168.252.0/255.255.255.0 to any keep state

I'd mistakenly thought ipfilter would pass such by default.

Rich referred me his article at http://www.rite-group.com/rich/solaris_nat.html
which focuses on ipnat.conf, rather than ipf.conf

Andy reminded me to check the forwarding status of the interfaces:

ndd -get /dev/tcp ip_forwarding

I'd mentioned the new Solaris 10 'routeadm' utility, which lets you set this
(and other related network stuff) up with a unified interface.
--
Tim Evans, TKEvans.com, Inc. | 5 Chestnut Court
tkevans@tkevans.com | Owings Mills, MD 21117
http://www.tkevans.com/ | 443-394-3864
http://www.come-here.com/News/ |