[SunRescue] Making Solaris 2.8 be a NAT gateway

Ron Rosson rescue at sunhelp.org
Tue Mar 13 00:56:54 CST 2001 

* Ron Rosson (insane at oneinsane.net) [010312 19:32]:
> * Ron Rosson (insane at oneinsane.net) [010312 08:32]:
> > Heya People,
> > 
> > Here is what I have:
> >         A SUN Ultra 1 running Solaris 2.8 with 2 ethernet cards running
> >         IPFilter. 
> > 
> > The server is also running DHCPD to hand out IP addresses on le1. Ok
> > when I boot up I get an error on ifconfig for le1. when I get a prompt I
> > see that it initialized le1 with the same settings as le0 (Not Good). 
> > 
> > So what do I do to fix that?
> > 
> > The one job of this box that I really need to get working quickly is for
> > it to work as a NAT gateway for the IP addresses that it hands out VIA
> > the le1 interface.. 
> > 
> > What is the magic to getting both ethernet cards configured properly on
> > boot?
> > 
> > le0  <- Public IP
> > le1  <- Private IP
> > 
> > The IPFilter Stuff is already done.
> > 
> > If anyone has a HOWTO please point me to it.. My Solaris knowledge is
> > still very weak. (I am a *BSD person try to learn Solaris  ;-))
> > 
> 
> Well the ifconfig error came from me thinking I edited /etc/hostname.le1
> (it still had the same name)
> 
> I figured out that I needed to do a:
>         ndd -set /dev/ip ip_forwarding 1
> 
> 
> Still does not send packets.
> 
> I noticed in one of my many sanity reboots that IPF errors saying
> something about layer 2 invalid header or something or other. IPF was a
> binary install. I think this layer 2 something or other is my issue I
> need to concentrate on.
> 
> Any suggestions, help, pointers, etc would be awesome.
> 

Ok... Guess what I got working...    ;-)

Finally figured out the trick to get ipfilter to compile on Solaris
2.8(64 bit). I made sure I had egcs installed. Started out with an empty
path and added on entry till I got it to compile. (It worked) Installed
it and now I have Solaris 2.8 running as a DHCP/NAT Server for the rest
of my household that I wont let have routable IP's  ;-)

Some packages are Evil
Some Source is a PITA (Pain in the Ass)

Just never give up.   ;-)

TIA
-- 
------------------------------------------------------------------------------
Ron Rosson          			      ... and a UNIX user said ...
The InSaNe One                 			      rm -rf *
insane at oneinsane.net     	            and all was /dev/null and *void()
------------------------------------------------------------------------------
         How do I set this laser printer to stun

More information about the rescue mailing list