[SunHELP] ipfilter and IPMP

Francois Dion fdion at atriumwindows.com
Thu Jul 29 10:08:34 CDT 2004


I've been playing with some of the more recent features of Solaris, at 
home, to see how well it would later fit in the grand scheme of things, 
at work.

I want to set up a Sun box as a firewall, with ipf. I can get a simple 3 
interface set up going (wan to cable modem, lan and dmz). I wanted to 
add IPMP on the lan side. Is this even possible? I've been hacking away 
at this for quite a bit now. This is actually a lot more tricky than I 
thought since packets can go out one or the other interface. The IPMP 
part works fine and failover works well. I've defined this in 
hostname.e1000g0 and e1000g1, with g0 having the base IP (my gateway) and

I've defined a group for the lan:
block in quick on e1000g0 all head 100
block in quick on e1000g1 all head 110

but is there a way for the state to be kept on either interface? Seems 
packets are not coming back if they try to go back on a different interface.

On a similar note, how would one group the WAN interface and all its 
virtual IPs as one group? Assuming I have a block of 5 IPs assigned, I 
set up iprb0 as the first IP, then hostname.iprb0:1 for the second thru 
hostname.iprb0:4 for the last. If I specify something like:

block in quick on iprb0 all head 200
is there a way to specify that this should include all virtual IPs?

I googled and couldn't find any reference to either issue, so any 
suggestions are more than welcome.

Thanks,
Francois


