On 02/24/2019 08:17 PM, Marc Chamberlin wrote:
I am still digging into this and I think I am making progress grokking somewhat... I think I found what Andrei was referring to with his suggestion to use --persistent option, it has nothing to do with making my changes to the iptables persistent, instead it has something to do with giving "a client the same source-/destination-address for each connection." I don't really understand what this means but it sounds good... Anywise I think I need to refine my earlier guess as to what iptables command I need, for example for my first static IP address I want to forward to one of my internal system might look like this? -
$ iptables -t nat -A PREROUTING -d 111.222.333.11 -i eth0+ -j DNAT --persistent --to-destination 192.168.10.10 $ iptables -t nat -A POSTROUTING -s 192.168.10.10 -o eth1 -j SNAT --persistent --to-source 111.222.333.11
I've never had to use iptables in that manner. With SuSEFirewall2, there was a graphical interface in Yast. There is one for firewalld, which I am not familiar with. However, I did find this link: https://doc.opensuse.org/documentation/leap/security/html/book.security/cha.... If this is what they're providing now for configuring the firewall, it's a big step back. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org