Marc,

Until you get a better grasp of routing and how it works, you will never accomplish your goal. You cannot have servers on the internal network and also in the DMZ without compromising your entire network. The whole purpose of a DMZ is to isolate an externally accessible server from the rest of the machines on the internal network. Otherwise you are defeating the whole purpose of the DMZ.

Ken Schneider

On Jul 8, 2023, at 5:37 PM, Marc Chamberlin via openSUSE Users <users@lists.opensuse.org> wrote:
Andrei Borzenkov wrote:
On 08.07.2023 00:21, Marc Chamberlin via openSUSE Users wrote:

ipv4 nat PREROUTING 2 -d 111.111.111.112 -i eth0:novaExt -j DNAT --to-destination 192.168.10.210

Interface "eth0:novaExt" does not exist so this rule will never match.

Andrei - You have lost me here, what do you mean "eth0:novaExt" does not exist? I created this interface with YaST2->System->Network Settings->Overview tab->Edit eth0->Address tab->Additional Addresses->Add and filled in the popup dialog fields for "Address label", "IP Address", and "Subnet Mask". Doesn't YaST2 set this up as an additional interface using the "Address label" name I gave it, which in this case was "novaExt"? The derived name for this interface then became "eth0:novaExt". I can certainly ping it and do other network tasks via this interface label. So in many ways, at least, this label for a network interface does feel like it exists!
Thanks again, Marc...
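
Added example, not part of the thread or written by any of its participants: a shell check that tells a real network device apart from an address label such as "eth0:novaExt" and rewrites the "-i" match of the rule quoted above to use the device. The LINKS and ADDRS samples (including the 111.111.111.111 primary address and the MAC address) are constructed in the format of `ip -o link show` and `ip -o -4 addr show`; the function names classify_iface and fix_rule are hypothetical.

```shell
#!/bin/sh
# Constructed samples; on a live host use: LINKS=$(ip -o link show)
# and ADDRS=$(ip -o -4 addr show).
LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\    link/ether 52:54:00:12:34:56 brd ff:ff:ff:ff:ff:ff'
ADDRS='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 111.111.111.111/24 brd 111.111.111.255 scope global eth0\       valid_lft forever preferred_lft forever
2: eth0    inet 111.111.111.112/24 brd 111.111.111.255 scope global secondary eth0:novaExt\       valid_lft forever preferred_lft forever'

# The rule quoted in the thread.
RULE='ipv4 nat PREROUTING 2 -d 111.111.111.112 -i eth0:novaExt -j DNAT --to-destination 192.168.10.210'

# classify_iface NAME -> "device", "label-on:<device>" or "unknown".
# Packet filter "-i" matches compare against device names only; an
# address label is just a tag on one address of a device.
classify_iface() {
    if printf '%s\n' "$LINKS" | awk -v n="$1" '
        { d = $2; sub(/:$/, "", d); sub(/@.*/, "", d); if (d == n) found = 1 }
        END { exit !found }'; then
        echo device
        return 0
    fi
    # In `ip -o addr` output the label is the word just before "valid_lft".
    parent=$(printf '%s\n' "$ADDRS" | awk -v n="$1" '
        { gsub(/\\/, " ")
          for (i = 2; i <= NF; i++)
              if ($i == "valid_lft" && $(i - 1) == n) { print $2; exit } }')
    if [ -n "$parent" ]; then echo "label-on:$parent"; else echo unknown; fi
}

# fix_rule RULE -> the rule with "-i <label>" replaced by "-i <device>".
# The existing "-d <address>" match still selects the secondary address.
fix_rule() {
    out='' prev=''
    for word in $1; do
        if [ "$prev" = "-i" ]; then
            kind=$(classify_iface "$word")
            case $kind in label-on:*) word=${kind#label-on:} ;; esac
        fi
        out="${out:+$out }$word"
        prev=$word
    done
    printf '%s\n' "$out"
}

printf '%s -> %s\n' eth0 "$(classify_iface eth0)"
printf '%s -> %s\n' eth0:novaExt "$(classify_iface eth0:novaExt)"
fix_rule "$RULE"
```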