HPE Community
Operating System - HP-UX
1826081 Members
3130 Online
109690 Solutions
New Discussion

ipfilter/ipnat problem. redirection rules are ignored

 
Niklas Wirström
Occasional Contributor

‎07-11-2006 06:38 AM

‎07-11-2006 06:38 AM

ipfilter/ipnat problem. redirection rules are ignored

I'm trying to use ipnat for port redirection, but the rules are totaly ignored.

My default network interface is lan0, and I want to redirect a port (20993) to port 22.

I am using the following rule:
"rdr lan0 193.10.67.98/32 port 20993 -> 193.10.67.98 port 22"

"ndd -get /dev/ip ip_forwarding" gives me a "2" as it should.

I even tried the following rule:
"rdr lan0 193.10.67.98/32 port 22 -> 193.10.67.98 port 9999"
which should give me a connection refused while trying to ssh to the maschine. But id doesn't.

0 Kudos
Reply
9 REPLIES 9
Steven E. Protter
Exalted Contributor

‎07-11-2006 06:43 AM

‎07-11-2006 06:43 AM

Re: ipfilter/ipnat problem. redirection rules are ignored

Shalom Niklas,

Interesting.

What does tcpdump say when you test?

There may be another ipfilter rule conflicting with the one you are trying to write so look at them all for this possible issue.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Niklas Wirström
Occasional Contributor

‎07-11-2006 07:17 AM

‎07-11-2006 07:17 AM

Re: ipfilter/ipnat problem. redirection rules are ignored

tcpdump says:
listening on lan0, link-type EN10MB (Ethernet), capture size 96 bytes
21:10:58.677680 IP r2d2.xxxx.xxxx.53036 > kluster2.xxxx.xxxx.20993: S 2242133430:224
2133430(0) win 5840
21:10:58.695123 IP kluster2.xxxx.xxxx.20993 > r2d2.xxxx.xxxx.53036: R 0:11(11) ack 2
242133431 win 0

no trace of the redirection...
0 Kudos
Reply
Niklas Wirström
Occasional Contributor

‎07-11-2006 08:11 PM

‎07-11-2006 08:11 PM

Re: ipfilter/ipnat problem. redirection rules are ignored

...and there are no other rules on the machine.
"ipnat -l" says:
"List of active MAP/Redirect filters:
rdr lan0 193.10.67.98/32 port 20993 -> 193.10.67.98 port 22 tcp/udp

List of active sessions:"

0 Kudos
Reply
Kshemendra
New Member

‎07-13-2006 08:58 PM

‎07-13-2006 08:58 PM

Re: ipfilter/ipnat problem. redirection rules are ignored

configure a ipfilter rule. It needs a ipfilter rule to be loaded to continue

Eg.
# cat /tmp/ipf.conf
pass in all

# ipf -Fa /tmp/ipf.conf


0 Kudos
Reply
Kshemendra
New Member

‎07-18-2006 06:13 PM

‎07-18-2006 06:13 PM

Re: ipfilter/ipnat problem. redirection rules are ignored

Have you tried configuring one simple
ipfilter rule loaded along with the
NAT rule. Since NAT to work we need
at least one IPFilter rule. This is
historical.
0 Kudos
Reply
Ghislain B
New Member

‎04-12-2007 01:20 AM

‎04-12-2007 01:20 AM

Re: ipfilter/ipnat problem. redirection rules are ignored

Hello,

I have a similar problem.

I want to forward HTTP packets received on 81 port from the lan0 interface (192.168.0.254) to a Web server (172.31.0.1) connected on lan1 interface.

I have activated ip_forwarding with ndd :
"ndd -get /dev/ip ip_forwarding" gives me a "1". "2" is necessary?

In terms of ipfilter configuration, I have in ipf.conf:
pass out all
pass in all

And in ipnat.conf:
rdr lan0 192.168.0.254/32 port 81 -> 172.31.0.1 port 80 tcp

When I try to connect on 192.168.0.254 port 81, I can see the packets arrive (with tcpdump) but no redirection to 172.31.0.1 on lan1.

I thank you by advance for your help or ideas.

Ghislain.

0 Kudos
Reply
Ghislain B
New Member

‎04-12-2007 02:55 AM

‎04-12-2007 02:55 AM

Re: ipfilter/ipnat problem. redirection rules are ignored

I have found my problem, it was a routing configuration.

I have solved it.

Sorry for the trouble.
0 Kudos
Reply
Kshemendra
New Member

‎04-12-2007 06:45 PM

‎04-12-2007 06:45 PM

Re: ipfilter/ipnat problem. redirection rules are ignored


You may need a route entry for the 17. network packet. forward the packet
lan0.
0 Kudos
Reply
Ghislain B
New Member

‎04-12-2007 07:42 PM

‎04-12-2007 07:42 PM

Re: ipfilter/ipnat problem. redirection rules are ignored

I thank you I have added the route and it works.

Have a nice week-end.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.