Mailinglist Archive: opensuse-security (343 mails)

Re: [suse-security] 3 interface firewall
> Hi,
> I've read the netfilter HOWTOs and the mailing list archive but could not get
> on with it.
> The config is as follows, all up and working.
> eth0: netmask (internet)
> eth1: netmask (so called dmz)
> eth2: netmask (internal)
> default gateway (router. Up and working)
> Web Server
> Another Web Server
> Mail Server
> What I would like to do is
> 1. To have internal PCs access the internet.
> 2. To be able to nat to, to and
> to
> Here are the iptables rules.
> # access to internet from internal (tested, working ok)
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> # FORWARD is a filter-table chain, so no -t nat here
> iptables -A FORWARD -i eth2 -j ACCEPT
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j
> # NAT ??
> iptables -t nat -A PREROUTING -d -p tcp --dport 80 -j DNAT --to
> iptables -t nat -A PREROUTING -d -p tcp --dport 80 -j DNAT --to
> iptables -t nat -A PREROUTING -d -p tcp --dport 110 -j DNAT --to
> iptables -t nat -A PREROUTING -d -p tcp --dport 25 -j DNAT --to
> Can anybody help me on logging & debugging, and why this is not working ??
> Am I missing anything in the routing part???
> Regards,
> Oyku

Hi Oyku!
First of all I suppose that you have the 1.2.3.[5-6-7] as virtual IPs on
the host, I mean on interfaces like eth0:0, eth0:1, eth0:2... After this you
should be able to ping these IPs from outside and get a response, or to
traceroute them and reach your router just before them (and of course, after
it, them).
If these IPs are not visible from the internet it will never work.

Once this is working your rules should work; if they do not work, try

Good luck!!

Regards from Barcelona :-)

Ramon Acedo Rodriguez.
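As an added example that is not part of this thread (neither Oyku's nor Ramon's code): a dry-run script for the three-interface layout described above, with the FORWARD rules in the filter table, a FORWARD accept for each DNATed DMZ service, and a rate-limited LOG rule for the debugging Oyku asked about. Interface names follow the original post; every IP address is a placeholder.

```shell
#!/bin/sh
# Added example, not from the original thread. eth0 = internet, eth1 = DMZ,
# eth2 = internal, as in Oyku's post. All addresses are PLACEHOLDERS.
# DRY_RUN=1 (the default) prints the commands instead of applying them, so the
# ruleset can be reviewed before it is run as root (also needs ip_forward=1).
WAN=eth0; DMZ=eth1; LAN=eth2
WEB1_PUB=192.0.2.5;  WEB1_DMZ=10.0.1.5     # placeholder: first web server
WEB2_PUB=192.0.2.6;  WEB2_DMZ=10.0.1.6     # placeholder: second web server
MAIL_PUB=192.0.2.7;  MAIL_DMZ=10.0.1.7     # placeholder: mail server

ipt() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi
}

# Publish one DMZ service: the DNAT lives in the nat table, but the packet is
# then filtered by FORWARD in the filter table (the nat table has no FORWARD
# chain), so each DNAT needs a matching FORWARD accept towards the DMZ host.
publish() {  # publish <public ip> <dmz ip> <tcp port>
    ipt -t nat -A PREROUTING -i "$WAN" -d "$1" -p tcp --dport "$3" -j DNAT --to-destination "$2"
    ipt -A FORWARD -i "$WAN" -o "$DMZ" -d "$2" -p tcp --dport "$3" -m state --state NEW -j ACCEPT
}

build_rules() {
    ipt -P FORWARD DROP                                  # default deny between interfaces
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT   # no space after the comma
    ipt -A FORWARD -i "$LAN" -o "$WAN" -j ACCEPT         # internal PCs out to the internet
    ipt -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE
    publish "$WEB1_PUB" "$WEB1_DMZ" 80
    publish "$WEB2_PUB" "$WEB2_DMZ" 80
    publish "$MAIL_PUB" "$MAIL_DMZ" 110
    publish "$MAIL_PUB" "$MAIL_DMZ" 25
    # Debugging aid: log whatever falls through to the DROP policy, rate-limited
    # so an outside host cannot flood the log.
    ipt -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
}

build_rules
```

Run with DRY_RUN=0 as root to apply; the LOG lines then show up in the kernel log with the FWD-DROP prefix, which tells you whether a DNATed packet reached the firewall at all.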
