Visit The New, Modern Unix Linux Community


A little help with ipfilter on Omnios


 
Thread Tools Search this Thread
Operating Systems Solaris A little help with ipfilter on Omnios
# 1  
A little help with ipfilter on Omnios

I'm on OmniOS.
I have set a linux zone(lx zone) wich use 10.2.0.0/24 network.
The other network,connected to internet is 192.168.0.0/24
The network interface of 10.2.0.0/24 is bge1
The network interface of 192.168.0.0/24 is bge0
I know is more easy to use the same network but i prefer to separate two networks,one for virtual machines,one for home network.
I have setup the nat with this lines,firewall is ipfilter

Code:
    map bge0 10.2.0.0/24 -> 0/32 portmap tcp/udp auto
    map bge0 10.2.0.0/24 -> 0/32

The zone can ping external(even internet) and is ok
The problem is..I cannot reach the 10.2.0.0/24 from 192.168.0.0/24
network!
Firewall is simple

Code:
    pass in quick proto tcp from any to any port = 2122 keep state
    pass in quick proto tcp from any to any port = 22 keep state
    pass in quick proto tcp from any to any port = 80 keep state
    pass in quick proto tcp from any to any port = 8080 keep state
    pass in quick proto tcp from any to any port = 443 keep state
    pass in quick proto icmp from any to any icmp-type 8 keep state
    pass in quick proto icmp from any to any icmp-type 13 keep state
    pass out quick from any to any keep state
    block in quick all

But when i ping from 192.168.0.0/24 to 10.2.0.0/24..don't ping.
ipnat said

Code:
    List of active sessions:
    MAP 10.2.0.3        <- -> 192.168.0.30    [192.168.0.2]

If i deactive ipnat

Code:
    ipnat -FC

I can ping,but not ssh into the lx zone.
And of course zone cannot ping or reach internet

edit1: ip forward is enabled.
Moderator's Comments:
Mod Comment Please use CODE tags (not ICODE tags) for full line and multi-line sample input, output, and code segments.


---------- Post updated 08-04-18 at 04:25 AM ---------- Previous update was 07-04-18 at 10:59 PM ----------

Solution found: iptables on linux client misconfigured

---------- Post updated at 11:30 AM ---------- Previous update was at 04:25 AM ----------

Solution found using this ipnat.conf,which enable nat external and permit ssh from external.

Code:
map bge0 10.2.0.0/24 -> 0/32 portmap tcp/udp auto
map bge0 10.2.0.0/24 -> 0/32
rdr bge0 from any to 10.2.0.3/32 port = 22 -> 10.2.0.3 port 22 tcp
rdr bge0 from any to 10.2.0.2/32 port = 22 -> 10.2.0.2 port 22 tcp


Last edited by Don Cragun; 04-08-2018 at 01:04 AM.. Reason: Change ICODE tags to CODE tags.
These 2 Users Gave Thanks to Linusolaradm1 For This Post:
# 2  
Thank you for this, quite useful to me as well.

Previous Thread | Next Thread
Thread Tools Search this Thread
Search this Thread:
Advanced Search

Test Your Knowledge in Computers #983
Difficulty: Medium
The first official NetBSD release, NetBSD 0.1, was made on 9 April 1991.
True or False?

8 More Discussions You Might Find Interesting

1. Solaris

Having troubles searching man pages in OmniOS

I recently have become curious with Illumos distributions, at the present time, OmniOS. One thing I've come to expect is being able to simply type "man ls" for example to figure out how to use system tools. However, running man on OmniOS has provided nothing, nor does it seem to be available ... (4 Replies)
Discussion started by: stratacast1
4 Replies

2. Solaris

Ipfilter question

Howdy My goal is to block locally the applications on a Solaris 10 server to access specific port on a remote machine. All attempts to access the <remote ip>:<remote port> should be rejected with ICMP port unreachable or with TCP RST. I tried with the following: block... (2 Replies)
Discussion started by: ralome
2 Replies

3. Solaris

ipfilter blocking ip fragments

For some reason ipfilter is blocking inbound fragmented ip packets (the packets are larger than the interface's MTU) that are encapsulating UDP segments. The connection works, so I know ipfilter is letting some traffic through, it is just a lot slower than it should be. Rules that allow the... (3 Replies)
Discussion started by: ilikecows
3 Replies

4. Solaris

NAT IPFilter

Hi everybody, I'm running on Solaris 10 X86 (update 1009). I would like to make NAT's rule. I explain you. On Solaris, I configure the principal interface e1000g0 with IP : 192.168.0.33 I created the first logical interface like that : ifconfig e1000g0 addif 192.168.0.40 netmask... (0 Replies)
Discussion started by: aureliensm
0 Replies

5. Solaris

Syntax error ipfilter solaris 10

Hello everyone. I have a problem with ipfilter, you must create a rule to redirect traffic from the external network to internal server on port 443. New Rule: rdr e1000g0 from xx.xx.xx.69/32 port 443 -> 192.168.10.5 port 443 tcp, use ipnat -CF -f /etc/ipnat.conf, and ipf send me from error:... (0 Replies)
Discussion started by: kadavr
0 Replies

6. Cybersecurity

questions about ipfilter

Dears, i am a new user for using ipfilter in solaris 10 and i have some question about this: by using ipfilter for example 1- i want specific MAC address able to access hotmail only 2- also i want to make 10MB for this MAC address is a max download per day 3- i am asking about using MAC... (0 Replies)
Discussion started by: coxmanchester
0 Replies

7. Solaris

ipfilter solaris express

Hello, | am trying to setup ipfilter on solaris express snv_91 but I don't seem to have the following file available. /etc/ipf/pfil.ap Is this an older way of configuring the interface?, I have all the packages installed. Thanks, (1 Reply)
Discussion started by: Actuator
1 Replies

8. HP-UX

ipfilter hpux11.11

how can I create a rule that will allow my machine to FTP to itself, but not allow other machines to FTP to it.. I know this sounds weird but this how they want it so they can test some application functionality that uses ftp. (2 Replies)
Discussion started by: csaunders
2 Replies

Featured Tech Videos