ipnat(1M)
NAME
ipnat - user interface to the NAT subsystem
SYNOPSIS
ipnat [-dlhnrsvCF] -f filename
DESCRIPTION
The ipnat utility opens a specified file (treating - as stdin) and parses it for a set of rules that are to be added or removed from the IP NAT.
If there are no parsing problems, each rule processed by ipnat is added to the kernel's internal lists. Rules are appended to the internal lists, matching the order in which they appear when given to ipnat.
ipnat's use is restricted through access to /dev/ipauth, /dev/ipl, and /dev/ipstate. The default permissions of these files require ipnat to be run as root for all operations.
ipnat's use is restricted through access to /dev/ipnat. The default permissions of /dev/ipnat require ipnat to be run as root for all operations.
OPTIONS
The following options are supported:
-C
Delete all entries in the current NAT rule listing (NAT rules).
-F
Delete all active entries in the current NAT translation table (currently active NAT mappings).
-d
Turn debug mode on. Causes a hex dump of filter rules to be generated as it processes each one.
-f filename
Parse specified file for rules to be added or removed from the IP NAT. filename can be stdin.
-h
Print number of hits for each MAP/Redirect filter.
-l
Show the list of current NAT table entry mappings.
-n
Prevents ipf from doing anything, such as making ioctl calls, which might alter the currently running kernel.
-s
Retrieve and display NAT statistics.
-r
Remove matching NAT rules rather than add them to the internal lists.
-v
Turn verbose mode on. Displays information relating to rule processing and active rules/table entries.
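Added example, not part of the original manual page: a wrapper that parses a rules file with -n before running -CF -f, so a file that fails to parse never leaves the host with its NAT rules flushed and nothing loaded. The IPNAT variable and the function names are this example's own, and it assumes ipnat exits non-zero when the file does not parse.

```shell
#!/bin/sh
# Added example: validate a NAT rules file before replacing the live rules.
# IPNAT, nat_check and nat_reload are names chosen for this example; the
# flags (-n, -v, -f, -l, -C, -F) are the ones listed in the options above.
IPNAT="${IPNAT:-ipnat}"

# Parse the file with -n so that nothing is sent to the kernel.
# Assumption: ipnat returns a non-zero status when parsing fails.
nat_check() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    "$IPNAT" -n -v -f "$1" >/dev/null
}

# Usage: nat_reload RULES_FILE SNAPSHOT_FILE
# Keeps a copy of the current listing (-l), then flushes the rule list and
# the active mappings (-CF) and loads the new file in the same invocation.
nat_reload() {
    rules=$1
    snapshot=$2
    nat_check "$rules" || {
        echo "parse failed, live NAT rules left untouched" >&2
        return 1
    }
    "$IPNAT" -l > "$snapshot" || return 3
    "$IPNAT" -CF -f "$rules"
}
```

With the default device permissions described above, both functions have to be run as root.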
FILES
/dev/ipnat
Link to IP Filter pseudo device.
/dev/kmem
Special file that provides access to virtual address space.
/etc/ipf/ipnat.conf
Location of ipnat startup configuration file.
/usr/share/ipfilter/examples/
Contains numerous IP Filter examples.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
|       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
+-----------------------------+-----------------------------+
|Availability                 |SUNWipfu                     |
+-----------------------------+-----------------------------+
|Interface Stability          |Evolving                     |
+-----------------------------+-----------------------------+
SEE ALSO
ipf(1M), ipfstat(1M), ipnat(4), attributes(5)
NOTES
To view license terms, attribution, and copyright for IP Filter, the default path is /usr/lib/ipf/IPFILTER.LICENCE. If the Solaris operating environment has been installed anywhere other than the default, modify the given path to access the file at the installed location.
25 Jul 2005 ipnat(1M)