Hi all,
We have a Solaris 11 box with net2 connected to some external network and net1 connected to the LAN. The Solaris box is configured as a router (NAT gateway) and works great in this regard. We now want to add a rule so that incoming TCP traffic (net2) to port 62000 is redirected to a machine 10.0.0.213 in the LAN through interface net1. According to my understanding of the documentation, the rules

    pico /etc/firewall/pf.conf

    set skip on lo0
    set skip on net0
    set skip on net1
    pass out all
    block in all
    pass in on net2 inet proto tcp from any to net2 port = 22
    pass in on net2 inet proto tcp from any to net2 port = 62000 rdr-to 10.0.0.231 62000
    pass out on net2 from 10.0.0.0/24 to any nat-to (net2)

    svcadm restart firewall

should do the trick. But they don't. I get

    telnet <externalIP> 62000
    Trying <externalIP>...

What am I doing wrong? Thanks so much in advance!