[Sunhelp] ipfilter frustration - DUH

Hatle, Steven J. shatle at vue.com
Tue Mar 7 08:30:32 CST 2000


The command should be more like

ndd -set ip_route 1, not "ip_filter"

Sorry.

-----Original Message-----
From: Hatle, Steven J. [mailto:shatle at vue.com]
Sent: Tuesday, March 07, 2000 7:17 AM
To: 'sunhelp at sunhelp.org'
Subject: RE: [Sunhelp] ipfilter frustration


Not sure if this is your problem or not, but the biggest gotcha I had with
ipfilter is turning on routing in the kernel on the ipfilter box. By
default, it's turned off. I turned it on in /etc/system, but it ended up
getting turned off again somewhere later, so I just made an /etc/rc2.d
script to turn it back on. 

The command is something like:

ndd -set ip_filter 1

or close to that- man ndd will probably turn up the correct syntax and
command.

Hope this helps

Steve

-----Original Message-----
From: Gregory Leblanc [mailto:GLeblanc at cu-portland.edu]
Sent: Tuesday, March 07, 2000 12:50 AM
To: 'sunhelp at sunhelp.org'
Subject: RE: [Sunhelp] ipfilter fustration


> -----Original Message-----
> From: David Rouse [mailto:cn1407 at coastalnet.com]
> Sent: Monday, March 06, 2000 5:36 PM
> To: SunHelp List
> Subject: [Sunhelp] ipfilter fustration
> 
> 
> I've got an IPX running Sol 7 at home that I'd like to use as a dial-up
> router, i.e. it connects to my ISP (dynamic TCP/IP address through PPP,
> regular phone modem) and the rest of the home network (a sparc 10 and this
> iMac) connect through it using NAT.
> 
> On the IPX I've got gcc 2.8.1 (precompiled), ip filters 3.3.11 and
> ppp-2.3.10 (I've also used the Solaris aspppd).
> 
> The ppp side works, I can dial in and do traceroutes, pings, nslookups. But
> when I'm on another machine (the Sparc 10, which has the PPP box as its
> default router) I get no response from pings, etc. When I run 'ipmon -o -N'
> on the PPP box I get nothing, even while pinging from the other box. When I
> run 'ipfstat -s' all the fields are empty except 'misses'.
> 
> The local network is set with nodes using the 192.168.0.x range with a
> netmask of 255.255.255.192. All of the boxes are in the same subnet. My
> nat.conf is:
> 
> map ppp0 192.168.0.0/32 -> 0/32 proxy port ftp ftp/tcp
> map ppp0 192.168.0.0/32 -> 0/32 portmap tcp/udp 10000:40000
> map ppp0 192.168.0.0/32 -> 0/32

I'm not familiar with ipfilter, but let me know if I screw this.  First
thing to try is pinging the ethernet interface on the gateway.  If that
doesn't work, then you have other issues.  Second thing to try is pinging
the ppp0 address from a machine inside.  If that doesn't work, it's a config
problem.  What exactly is the above syntax supposed to do?  It looks to me
like it would say use 192.168.0.0, with a subnet mask of 255.255.255.255, or
32 bits, which means ONLY THAT HOST.  Whoops, that just might be the
problem.  Try a mask of 24 bits, or 255.255.255.0.  I really think that's
the problem, but I can't be sure until you try it.
	Greg

_______________________________________________
SunHELP maillist  -  SunHELP at sunhelp.org
http://www.sunhelp.org/mailman/listinfo/sunhelp
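
Added example, not part of the original thread: a small Python check of which LAN source addresses the quoted nat.conf map rules actually cover, using the /32 rules and the 255.255.255.192 netmask from the messages above. The host addresses and function names are constructed for illustration, and only the simple "map <if> <src>/<bits> -> ..." rule form is parsed.

```python
import ipaddress

# Rules copied from the nat.conf quoted in the thread.
NAT_CONF = """\
map ppp0 192.168.0.0/32 -> 0/32 proxy port ftp ftp/tcp
map ppp0 192.168.0.0/32 -> 0/32 portmap tcp/udp 10000:40000
map ppp0 192.168.0.0/32 -> 0/32
"""

# Constructed sample hosts inside the 192.168.0.x / 255.255.255.192 LAN.
LAN_HOSTS = ["192.168.0.2", "192.168.0.10"]


def parse_map_sources(conf):
    """Return (interface, source network) for each simple ipnat 'map' line."""
    rules = []
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) >= 5 and fields[0] == "map" and fields[3] == "->":
            net = ipaddress.ip_network(fields[2], strict=False)
            rules.append((fields[1], net))
    return rules


def unmatched_hosts(conf, hosts):
    """Hosts whose source address no map rule covers, so never translated."""
    nets = [net for _, net in parse_map_sources(conf)]
    return [h for h in hosts
            if not any(ipaddress.ip_address(h) in n for n in nets)]


def lan_prefix(address, netmask):
    """CIDR form of the LAN as configured on the hosts."""
    return ipaddress.ip_network(f"{address}/{netmask}", strict=False)


if __name__ == "__main__":
    lan = lan_prefix("192.168.0.0", "255.255.255.192")
    fixed = NAT_CONF.replace("192.168.0.0/32", str(lan))
    print("LAN prefix:", lan)
    print("not covered by /32 rules:", unmatched_hosts(NAT_CONF, LAN_HOSTS))
    print("not covered after fix:  ", unmatched_hosts(fixed, LAN_HOSTS))
```

The 24-bit mask suggested in the reply also covers these hosts; the 26-bit prefix is simply the CIDR form of the 255.255.255.192 netmask given in the original post.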
