[OpenIndiana-discuss] ipfilter: ipnat working?

theophile.dudreuilh at yahoo.com theophile.dudreuilh at yahoo.com
Tue Feb 25 16:08:35 UTC 2025 

 Hello, 

NAT and DNAT are perfectly working.

- Here is an example of both NAT and DNAT in /etc/ipf/ipnat.conf : (e1000g0 is WAN NIC here)
# NAT
map e1000g0 10.10.10.0/24 -> 0/32 portmap tcp/udp automap e1000g0 10.10.10.0/24 -> 0/32

# DNAT for a Web Server
rdr e1000g0 45.56.67.78 port 443 -> 10.10.10.210 port 443


- Do not forget to create a rule in /etc/ipf/ipf.conf to permit :
pass in quick on e1000g0 proto tcp from any to 10.10.10.210 port = 443 keep state 

- Enable ipfilter and load the configuration files :
svcadm enable svc:/network/ipfilter:default
ipf -Fa -f /etc/ipf/ipf.conf
ipnat -CF -f /etc/ipf/ipnat.conf

- Enable ipv4-forwarding : 
svcadm enable ipv4-forwardingrouteadm -e ipv4-forwarding -u

Good luck ;-)





    Le mardi 25 février 2025 à 16:53:47 UTC+1, Stephan Althaus <stephan.althaus at duedinghausen.eu> a écrit :  
 
 Hello!

i am having a problem with a simple tcp redirection.

Can someone confirm that ipnat is expected to work, does someone use it ?

Or is it still a config error on my side?


Any hints are appreciated!


Regards,

Stephan

------------------------------------------------------------------------------------------

# cat ipf.conf
pass in all
pass out all

# ipnat -l
List of active MAP/Redirect filters:
rdr e1000g1 0.0.0.0/0 port 11022 -> 192.168.2.63 port 22 tcp

List of active sessions:
RDR 192.168.2.63    22    <- -> 192.168.2.73    11022 [192.168.2.64 54574]

------------------------------------------------------------------------------------------


# routeadm
               Configuration   Current              Current
                      Option   Configuration        System State
---------------------------------------------------------------
                IPv4 routing   enabled              enabled
                IPv6 routing   disabled             disabled
             IPv4 forwarding   enabled              enabled
             IPv6 forwarding   disabled             disabled

            Routing services   "route:default ripng:default"

Routing daemons:

                       STATE   FMRI
                    disabled svc:/network/routing/legacy-routing:ipv4
                    disabled svc:/network/routing/legacy-routing:ipv6
                    disabled   svc:/network/routing/rdisc:default
                      online   svc:/network/routing/route:default
                    disabled   svc:/network/routing/ripng:default
                      online   svc:/network/routing/ndp:default


_______________________________________________
openindiana-discuss mailing list
openindiana-discuss at openindiana.org
https://openindiana.org/mailman/listinfo/openindiana-discuss

More information about the openindiana-discuss mailing list