From: M420ike on 2 Apr 2005 12:16

I have two nic cards. elxl0 and elxl1.
elxl0 is assigned dhcp from my cable modem and I am able to surf internet fine no worries.
I want to have elxl1 send the internet out to the rest of my network.
I am new to solaris and do not know how to do this. I used to use nat and ip forwarding on my linux box but am not sure how to set it up on solaris 10.
both nics work and have info in ifconfig included.

inet 127.0.0.1 netmask ff000000
elxl0: flags=1104843<UP,BROADCAST,RUNNING,MULTICAST,DHCP,ROUTER,IPv4> mtu 1500 index 2
inet 24.99.23.81 netmask ffffff00 broadcast 24.99.23.255
ether 0:10:5a:11:5d:7b
elxl1: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 3
inet 10.10.10.24 netmask ffffff00 broadcast 10.10.10.255
ether 0:1:2:d4:40:dc
...

Can somebody help this newbie out?

Thanks
Mikeyd

From: Barbie LeVile on 2 Apr 2005 12:26

On 2 Apr 2005 09:16:44 -0800 M420ike(a)gmail.com wrote:

> I have two nic cards. elxl0 and elxl1.
> elxl0 is assigned dhcp from my cable modem and I am able to surf
> internet fine no worries.
> I want to have elxl1 send the internet out to the rest of my network.
> I am new to solaris and do not know how to do this. I used to use nat
> and ip forwarding on my linux box but am not sure how to set it up on
> solaris 10.
> both nics work and have info in ifconfig included.
>
> inet 127.0.0.1 netmask ff000000
> elxl0: flags=1104843<UP,BROADCAST,RUNNING,MULTICAST,DHCP,ROUTER,IPv4>
> mtu 1500 index 2
> inet 24.99.23.81 netmask ffffff00 broadcast 24.99.23.255
> ether 0:10:5a:11:5d:7b
> elxl1: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu
> 1500 index 3
> inet 10.10.10.24 netmask ffffff00 broadcast 10.10.10.255
> ether 0:1:2:d4:40:dc
> ..
>
> Can somebody help this newbie out?

Solaris 10 uses ipfilter for firewalling and nat, just google for an ipfilter faq and you are good to go.

--
Barbie - Prayers are like junkmail for Jesus

I have seen things you lusers would not believe.
I've seen Sun monitors on fire off the side of the multimedia lab.
I've seen NTU lights glitter in the dark near the Mail Gate.
All these things will be lost in time, like the root partition last week.
Time to die.

From: jdh13 on 2 Apr 2005 14:58

M420ike(a)gmail.com wrote:

> I have two nic cards. elxl0 and elxl1.
> elxl0 is assigned dhcp from my cable modem and I am able to surf
> internet fine no worries.
> I want to have elxl1 send the internet out to the rest of my network.
> I am new to solaris and do not know how to do this. I used to use nat
> and ip forwarding on my linux box but am not sure how to set it up on
> solaris 10.
> both nics work and have info in ifconfig included.
>
> inet 127.0.0.1 netmask ff000000
> elxl0: flags=1104843<UP,BROADCAST,RUNNING,MULTICAST,DHCP,ROUTER,IPv4>
> mtu 1500 index 2
> inet 24.99.23.81 netmask ffffff00 broadcast 24.99.23.255
> ether 0:10:5a:11:5d:7b
> elxl1: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu
> 1500 index 3
> inet 10.10.10.24 netmask ffffff00 broadcast 10.10.10.255
> ether 0:1:2:d4:40:dc
> ..
>
> Can somebody help this newbie out?
>
> Thanks
> Mikeyd
>

ok, here my config, eri0 to local network and ife0 to cable modem, only traffic from internet is blocked (i consider myself safe) :

cat /etc/ipf/ipf.conf

pass in quick on lo0 all
pass out quick on lo0 all
block in log all
block out all
pass out log quick on ife0 proto tcp from any to any keep state keep frags
pass out log quick on ife0 proto udp from any to any keep state keep frags
pass out log quick on ife0 proto icmp from any to any keep state

modify pfil.ap for your elx0

cat ipnat.conf

map ife0 192.168.1.0/24 -> 0/32 portmap tcp/udp 10000:40000
map ife0 192.168.1.0/24 -> 0/32

But i have to add something if i want local machines go to internet:

echo "map ife0 192.168.1.0/24 -> XX.XX.XX.XX/32" | ipnat -f -

this line can't be added in ipnat.conf, because XX.XX.XX.XX changes every time i poweron my cable modem

It seems there is a bug in solaris ipfilter, no time to test darren's release.

use syslog to look at traffic (pass and block), in syslog.conf:

local0.info;local0.err;local0.debug /var/log/ipmon.log

use sun dhcp on eri0 to serve local machines.

HTH

ref: ipfilter on sun.com/bigadmin

From: Gary Mills on 2 Apr 2005 15:57

In <424ef97c$0$18954$636a15ce(a)news.free.fr> jdh13 <jdh13(a)free.fr> writes:

>But i have to add something if i want local machines go to internet:
>echo "map ife0 192.168.1.0/24 -> XX.XX.XX.XX/32" | ipnat -f -
>this line can't be added in ipnat.conf, because XX.XX.XX.XX changes
>every time i poweron my cable modem
>It seems there is a bug in solaris ipfilter, no time to test darren's
>release.

Here's mine. I'm using it mainly for NAT. I use hme0 for my cable modem and afe0 for my home network. It works with DHCP on hme0 even when the IP address changes.

==> ipf.conf <==
# ipf for qtpie
pass in on hme0 all
pass out on hme0 all
block in log quick on hme0 proto tcp/udp from any to any port = 111
pass in on afe0 all
pass out on afe0 all

==> ipnat.conf <==
map hme0 192.168.0.0/24 -> 0/32 proxy port ftp ftp/tcp
map hme0 192.168.0.0/24 -> 0/32 portmap tcp/udp auto
map hme0 192.168.0.0/24 -> 0/32

--
-Gary Mills- -Unix Support- -U of M Academic Computing and Networking-

From: M420ike on 2 Apr 2005 16:06

okay I have this info here setup

my /etc/ipf/ipf.conf

#
# ipf.conf
#
# IP Filter rules to be loaded during startup
#
# See ipf(4) manpage for more information on
# IP Filter rules syntax.
pass in quick on elxl1 all
pass out quick on elxl1 all

my ipnat file looks like this

map elxl1 10.10.10.0/24 -> 0/32 portmap tcp/udp 10000:40000
map elxl1 10.10.10.0/24 -> 24.99.23.81/32" | ipnat -f -

my pfil.ap file looks like this

# IP Filter pfil autopush setup
#
# See the autopush(1M) manpage for more information.
#
# Format of the entries in this file is:
#
#major minor lastminor modules
#iprb -1 0 pfil
elxl -1 0 pfil
#e1000g -1 0 pfil
#bge -1 0 pfil
#nf -1 0 pfil
#fa -1 0 pfil
#ci -1 0 pfil
#el -1 0 pfil
#ipdptp -1 0 pfil
#lane -1 0 pfil
#dnet -1 0 pfil
#pcelx -1 0 pfil
#spwr -1 0 pfil
elxl0 -1 0 pfil
elxl1 -1 0 pfil

I am sure I made plenty of mistakes as I normally do when I am learning.
keep in mind my elxl0 is connected to comcast cable modem and has dhcp assigned to it
my elxl1 card is the one i want to send the internet to. I connected a winxp machine to this and can ping it...it assigns an ip address but still no internet going through.

my ipfstats looks like this

bash-3.00# svcs ipfilter pfil
STATE STIME FMRI
disabled 15:31:53 svc:/network/ipfilter:default
online 15:49:02 svc:/network/pfil:default

So what am I doing wrong?
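
A lint for ipnat.conf that checks the conventions shared by the two working configurations in this thread, run against the ipnat file in the post above; it is an added example, not part of any poster's message. `lint_ipnat`, `ASKER` and `WORKING` are names made up for the example, and it assumes elxl0 is the DHCP-addressed outbound interface and 10.10.10.0/24 the internal network, as the posts describe.

```python
import ipaddress
import re
# "map <ifname> <source net> -> <target> [options]", the rule form used in this thread.
MAP_RE = re.compile(r"^map\s+(\S+)\s+(\S+)\s+->\s+(\S+)(.*)$")

def lint_ipnat(text, external_if, internal_net):
    """Return (line_no, message) findings for the body of an ipnat.conf."""
    findings = []
    inside = ipaddress.ip_network(internal_net)
    seen_plain_map = False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if '"' in line or "|" in line:
            findings.append((no, "shell text (quote or pipe) inside a rule file"))
            line = re.split(r'["|]', line)[0].strip()
        m = MAP_RE.match(line)
        if not m:
            findings.append((no, "not a map rule this lint understands"))
            continue
        ifname, src, target, opts = m.groups()
        if ifname != external_if:
            findings.append((no, f"map is on {ifname}; NAT belongs on the outbound interface {external_if}"))
        try:
            if ipaddress.ip_network(src) != inside:
                findings.append((no, f"source {src} is not the internal network {inside}"))
        except ValueError:
            findings.append((no, f"unparseable source network {src}"))
        if target != "0/32":
            findings.append((no, f"fixed target {target} goes stale when the DHCP address changes"))
        if "portmap" in opts or "proxy" in opts:
            if seen_plain_map:
                findings.append((no, "portmap/proxy rule listed after the plain map for the same network"))
        else:
            seen_plain_map = True
    return findings

# Constructed inputs: the ipnat file from the post above, and the hme0 one posted earlier.
ASKER = '''map elxl1 10.10.10.0/24 -> 0/32 portmap tcp/udp 10000:40000
map elxl1 10.10.10.0/24 -> 24.99.23.81/32" | ipnat -f -
'''
WORKING = '''map hme0 192.168.0.0/24 -> 0/32 proxy port ftp ftp/tcp
map hme0 192.168.0.0/24 -> 0/32 portmap tcp/udp auto
map hme0 192.168.0.0/24 -> 0/32
'''
if __name__ == "__main__":
    for no, msg in lint_ipnat(ASKER, "elxl0", "10.10.10.0/24"):
        print(f"ipnat.conf:{no}: {msg}")
```

The lint reads only ipnat.conf; the `svcs` output in the same post separately shows svc:/network/ipfilter:default in the disabled state.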