Using Solaris 10 as a firewall/router
February 24, 07 by cjgibbs
In this scenario I am using a fresh install of Solaris 10 u3. There are two network interfaces configured: vfe0 is the “external” interface, as it connects directly to the cable modem and gets its IP via DHCP; rtls0 is the “internal” interface, as it connects to a local network switch along with other computers on the network.
Use routeadm to enable IP Forwarding & IP Routing at the system level:
# routeadm -u -e ipv4-forwarding
# routeadm -u -e ipv4-routing
The ipfilter service comes disabled by default and won’t enable until one or more interfaces are configured for ipfilter tables. When an interface is plumbed it checks the pfil service for this, so to update the pfil service you have to create/uncomment an entry in /etc/ipf/pfil.ap that corresponds to your network interfaces.
Add vfe & rtls entries to /etc/ipf/pfil.ap
vfe -1 0 pfil
rtls -1 0 pfil
Restart pfil
# svcadm restart pfil
Replumb EXTERNAL interface
# ifconfig vfe0 unplumb
# ifconfig vfe0 plumb
# ifconfig vfe0 dhcp
Replumb INTERNAL interface
# ifconfig rtls0 unplumb
# ifconfig rtls0 plumb
# ifconfig rtls0 192.168.0.1 netmask 255.255.255.0 up
Enable ipfilter
# svcadm enable ipfilter
Configure NAT rules - Put the following in /etc/ipf/ipnat.conf. Be sure to replace vfe0 with your external interface name.
map vfe0 192.168.0.0/24 -> 0/32 proxy port ftp ftp/tcp
map vfe0 192.168.0.0/24 -> 0/32
Load the NAT rules
# ipnat -f /etc/ipf/ipnat.conf
Since the ipfilter service is running, it should save your NAT settings and automatically load them on a reboot. And that’s it, you should now be able to access the internet from another computer on your LAN.
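The two files edited in the steps above can be sanity-checked offline before the interfaces are replumbed. The script below is an added example, not part of the original post: the function names are hypothetical, the sample file contents are constructed, and it assumes ipnat picks the first matching map rule (so the ftp proxy line must stay above the plain map line).

```sh
#!/bin/sh
# Added example (not from the original post): offline checks for the two files.

# Driver names with an active (uncommented) entry in a pfil.ap-style file.
pfil_drivers() {
    awk '!/^[ \t]*#/ && $4 == "pfil" { print $1 }' "$1"
}

# Usage: missing_pfil <pfil.ap> <interface>...
# Prints each interface (e.g. rtls0) whose driver (rtls) has no active entry.
missing_pfil() {
    pfil_file=$1; shift
    active=$(pfil_drivers "$pfil_file")
    for ifname in "$@"; do
        drv=$(printf '%s\n' "$ifname" | sed 's/[0-9]*$//')
        printf '%s\n' "$active" | grep -qxF "$drv" || printf '%s\n' "$ifname"
    done
}

# ipnat uses the first matching map rule, so a proxy rule listed after a plain
# map rule can never match. Simplification: rules are compared by interface only.
shadowed_proxy() {
    awk '!/^[ \t]*#/ && $1 == "map" {
        if ($0 ~ /[ \t]proxy[ \t]/) {
            if (plain[$2] && !hit[$2]++) print $2
        } else {
            plain[$2] = 1
        }
    }' "$1"
}

# Constructed sample files; nothing here is read from a live system.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/pfil.ap" <<'EOF'
vfe     -1     0        pfil
#rtls   -1     0        pfil
EOF
cat > "$tmp/ipnat.good" <<'EOF'
map vfe0 192.168.0.0/24 -> 0/32 proxy port ftp ftp/tcp
map vfe0 192.168.0.0/24 -> 0/32
EOF
cat > "$tmp/ipnat.bad" <<'EOF'
map vfe0 192.168.0.0/24 -> 0/32
map vfe0 192.168.0.0/24 -> 0/32 proxy port ftp ftp/tcp
EOF

echo "interfaces without pfil entry: $(missing_pfil "$tmp/pfil.ap" vfe0 rtls0)"
echo "shadowed proxy rule on: $(shadowed_proxy "$tmp/ipnat.bad")"
```

On the real system, point the functions at /etc/ipf/pfil.ap and /etc/ipf/ipnat.conf and pass your own interface names.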