From: Luke Hinds (Luke.Hinds@mformation.com)
Date: Tue Feb 07 2006 - 10:56:58 EST
Hi Managers,
I need to set up ipfilter to do the following.
I have a WebServer listening on port 8080. I wish to redirect port 80 on
the same host to port 8080 where http is listening.
I have enabled IPv4 forwarding:
$ routeadm
              Configuration   Current              Current
                     Option   Configuration        System State
---------------------------------------------------------------
            IPv4 forwarding   enabled              enabled
I have enabled the correct interface.
# IP Filter pfil autopush setup
#
# See autopush(1M) manpage for more information.
#
# Format of the entries in this file is:
#
#major minor lastminor modules
#le -1 0 pfil
#qe -1 0 pfil
hme -1 0 pfil
#qfe -1 0 pfil
#eri -1 0 pfil
#ce -1 0 pfil
#bge -1 0 pfil
#be -1 0 pfil
#vge -1 0 pfil
#ge -1 0 pfil
#nf -1 0 pfil
#fa -1 0 pfil
#ci -1 0 pfil
#el -1 0 pfil
#ipdptp -1 0 pfil
#lane -1 0 pfil
#dmfe -1 0 pfil
# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 2
        inet 10.0.7.11 netmask ffffff00 broadcast 10.0.7.255
        ether 8:0:20:c6:30:aa
Here is my rule (which is where I am sure I am going wrong):
# ipf.conf
#
# IP Filter rules to be loaded during startup
#
# See ipf(4) manpage for more information on
# IP Filter rules syntax.
rdr 0.0.0.0/0 port 80 -> 10.0.7.11 port 8080 tcp
I reboot the machine:
$ svcs -x
svc:/network/ipfilter:default (IP Filter)
State: maintenance since Tue Feb 07 15:42:45 2006
Reason: Start method failed repeatedly, last exited with status 1.
See: http://sun.com/msg/SMF-8000-KS
See: ipfilter(5)
See: /etc/svc/volatile/network-ipfilter:default.log
See: /var/svc/log/network-ipfilter:default.log
Impact: This service is not running.
# cat /var/svc/log/network-ipfilter:default.log
[ Feb 2 12:12:58 Disabled. ]
[ Feb 2 12:12:58 Rereading configuration. ]
[ Feb 7 14:47:54 Enabled. ]
[ Feb 7 14:47:54 Executing start method ("/lib/svc/method/ipfilter start") ]
pfil not configured for firewall/NAT operation
syntax error error at "10", line 8
/lib/svc/method/ipfilter: load of /etc/ipf/ipf.conf into alternate set failed
Not switching config due to load error.
[ Feb 7 14:47:55 Method "start" exited with status 1 ]
[ Feb 7 14:47:55 Executing start method ("/lib/svc/method/ipfilter start") ]
pfil not configured for firewall/NAT operation
syntax error error at "10", line 8
/lib/svc/method/ipfilter: load of /etc/ipf/ipf.conf into alternate set failed
Not switching config due to load error.
[ Feb 7 14:47:56 Method "start" exited with status 1 ]
[ Feb 7 14:47:56 Executing start method ("/lib/svc/method/ipfilter start") ]
pfil not configured for firewall/NAT operation
syntax error error at "10", line 8
/lib/svc/method/ipfilter: load of /etc/ipf/ipf.conf into alternate set failed
Not switching config due to load error.
[ Feb 7 14:47:56 Method "start" exited with status 1 ]
If I reboot without my rule, none of the above errors are shown.
Any help appreciated in advance,
Luke
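
Added example, not part of the original message: a small lint for a filter rules file such as the ipf.conf above, which flags NAT keywords (rdr, map, bimap, map-block) and an rdr rule with no interface name after the keyword. It assumes IP Filter's documented split between filter rules (ipf.conf) and NAT rules (/etc/ipf/ipnat.conf on Solaris 10) and the "rdr <ifname> ..." rule form, neither of which is stated in the post; the function names are hypothetical.

```shell
#!/bin/sh
# Added example; lint_ipf_conf, sample_ipf_conf and run_demo are
# hypothetical names, not part of IP Filter or Solaris.

# lint_ipf_conf FILE
# Prints one finding per problem in a filter rules file.
# Returns 1 if anything was found, 0 otherwise.
lint_ipf_conf() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blanks
        $1 == "rdr" || $1 == "map" || $1 == "bimap" || $1 == "map-block" {
            printf "line %d: NAT rule (%s) in filter file\n", NR, $1
            found = 1
            # NAT rules name the interface right after the keyword; an
            # address in that position means the name is missing.
            if (index($2, ".") || index($2, "/") || $2 ~ /^[0-9]/)
                printf "line %d: no interface name after %s\n", NR, $1
        }
        END { exit found + 0 }
    ' "$1"
}

# Constructed sample: the ipf.conf listing as it appears in the post.
sample_ipf_conf() {
    cat <<'EOF'
# ipf.conf
#
# IP Filter rules to be loaded during startup
#
# See ipf(4) manpage for more information on
# IP Filter rules syntax.
rdr 0.0.0.0/0 port 80 -> 10.0.7.11 port 8080 tcp
EOF
}

# The same redirect with the interface from the ifconfig output (hme0);
# a rule of this form belongs in /etc/ipf/ipnat.conf, not ipf.conf.
sample_ipnat_rule='rdr hme0 0.0.0.0/0 port 80 -> 10.0.7.11 port 8080 tcp'

# Lint the constructed sample through a temporary file.
run_demo() {
    tmp=$(mktemp) || return 2
    sample_ipf_conf > "$tmp"
    lint_ipf_conf "$tmp"; rc=$?
    rm -f "$tmp"
    return $rc
}

run_demo || echo "NAT rules found in filter file; they belong in ipnat.conf"
```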