be sure you've removed ipchains mod, otherwise virtual ip addresses will not work -----Mensaje original----- De: Matthias Krauss [mailto:MKrauss@hitchhiker.com] Enviado el: jueves, 21 de febrero de 2002 18:37 Para: 'suse-security@suse.com' Asunto: [suse-security] DNAT with Virtual IF Hi folks, i'm looking for a nice workaround for the following prob: I've 3 IF's, user lan, dmz and an external inet link, now i'd like to dnat incomming requests like: $IPTABLES -A FORWARD -i $EXT -o $DMZ -d 10.0.10.2 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT $IPTABLES -A FORWARD -i $DMZ -o $EXT -s 10.0.10.2 -m state --state ESTABLISHED,RELATED -j ACCEPT $IPTABLES -t nat -A PREROUTING -i eth0 -j DNAT --to 10.0.10.2 the above sample works fine, $EXT represent eth0 which is the outside IF, in addition i created a virtual if named eth0:1 which i can't address in iptables (wierd character : ) . I;m not getting any ruleset to work unless i'm using "-i eth0", the workaround like eth0+ doesnt help , did anybody dealed with this prob before ???? Many thanks Matthias Krauss -- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here