Mailinglist Archive: opensuse-security (685 mails)
| < Previous | Next > |
RE: [suse-security] DNAT with Virtual IF
- From: "Rossell, Roger" <roger@xxxxxxxxxxx>
- Date: Fri, 1 Mar 2002 09:44:29 +0100
- Message-id: <B7A3CC8DE9BC6E4B9D09EA3CBF38D9634CE6@xxxxxxxxxxxxxxxxxx>
be sure you've removed ipchains mod, otherwise virtual ip addresses will
not work
-----Mensaje original-----
De: Matthias Krauss [mailto:MKrauss@xxxxxxxxxxxxxx]
Enviado el: jueves, 21 de febrero de 2002 18:37
Para: 'suse-security@xxxxxxxx'
Asunto: [suse-security] DNAT with Virtual IF
Hi folks,
i'm looking for a nice workaround for the following prob:
I've 3 IF's, user lan, dmz and an external inet link, now i'd like
to dnat incomming requests like:
$IPTABLES -A FORWARD -i $EXT -o $DMZ -d 10.0.10.2 -m state --state
NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $DMZ -o $EXT -s 10.0.10.2 -m state --state
ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -t nat -A PREROUTING -i eth0 -j DNAT --to 10.0.10.2
the above sample works fine, $EXT represent eth0 which is the outside
IF, in
addition i created a virtual if named
eth0:1 which i can't address in iptables (wierd character : ) . I;m not
getting any ruleset to work
unless i'm using "-i eth0", the workaround like eth0+ doesnt help , did
anybody dealed with this prob before ????
Many thanks
Matthias Krauss
--
To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here
not work
-----Mensaje original-----
De: Matthias Krauss [mailto:MKrauss@xxxxxxxxxxxxxx]
Enviado el: jueves, 21 de febrero de 2002 18:37
Para: 'suse-security@xxxxxxxx'
Asunto: [suse-security] DNAT with Virtual IF
Hi folks,
i'm looking for a nice workaround for the following prob:
I've 3 IF's, user lan, dmz and an external inet link, now i'd like
to dnat incomming requests like:
$IPTABLES -A FORWARD -i $EXT -o $DMZ -d 10.0.10.2 -m state --state
NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $DMZ -o $EXT -s 10.0.10.2 -m state --state
ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -t nat -A PREROUTING -i eth0 -j DNAT --to 10.0.10.2
the above sample works fine, $EXT represent eth0 which is the outside
IF, in
addition i created a virtual if named
eth0:1 which i can't address in iptables (wierd character : ) . I;m not
getting any ruleset to work
unless i'm using "-i eth0", the workaround like eth0+ doesnt help , did
anybody dealed with this prob before ????
Many thanks
Matthias Krauss
--
To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here
| < Previous | Next > |