Mailinglist Archive: opensuse-security (343 mails)

3 interface firewall
  • From: "Oyku Gencay" <oykug@xxxxxxxxxx>
  • Date: Mon, 2 Jul 2001 16:18:19 -0700
  • Message-id: <004f01c1034d$47d08ea0$ca8d8ec3@xxxxxxxxxx>
Hi,

I've read netfilter howtos and mailing list archive but could not get around
with it.

The config is as follows, all up and working.

eth0: 1.2.3.4 netmask 255.255.255.192 (internet)
eth1: 10.0.0.1 netmask 255.255.255.0 (so called dmz)
eth2: 192.168.1.1 netmask 255.255.255.0 (internal)

default gateway 1.2.3.3 (router. Up and working)

Web Server 10.0.0.50
Another Web Server 10.0.0.60
Mail Server 10.0.0.70

What I would like to do is
1. To have internal PCs access the internet.
2. To be able to nat 1.2.3.5 to 10.0.0.50, 1.2.3.6 to 10.0.0.60 and 1.2.3.6
to 10.0.0.70

Here are the iptables rules.
# access to internet from internal (tested, working ok)
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A FORWARD -i eth2 -j ACCEPT
iptables -t nat -A FORWARD -m state --state ESTABLIESHED, RELATED -j ACCEPT

# NAT ??
iptables -t nat -A PREROUTING -d 1.2.3.5 -p tcp --dport 80 -j DNAT --to 10.0.0.50
iptables -t nat -A PREROUTING -d 1.2.3.6 -p tcp --dport 80 -j DNAT --to 10.0.0.60
iptables -t nat -A PREROUTING -d 1.2.3.7 -p tcp --dport 110 -j DNAT --to 10.0.0.70
iptables -t nat -A PREROUTING -d 1.2.3.7 -p tcp --dport 25 -j DNAT --to 10.0.0.70


Can anybody help me on logging & debugging, and why this is not working ??
Am I missing anything in the routing part???

Regards,
TIA
Oyku
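
An added example, not part of the original post: the same goals written with the forwarding rules in the filter table (the nat table has no FORWARD chain), a filter ACCEPT paired with each DNAT, and a rate-limited LOG rule for debugging. The default-drop FORWARD policy, the /32 aliases on eth0 and the use of 1.2.3.7 for mail (as in the posted rules) are assumptions; the script only prints the commands unless run as root with `RUN=` set empty.

```shell
#!/bin/sh
# Added example. Dry run by default: every command is echoed, not executed.
# To apply as root:  RUN= sh this-script.sh
RUN="${RUN-echo}"
WAN=eth0 DMZ=eth1 LAN=eth2

# Publish one public address/port to a DMZ host.
# DNAT only rewrites the destination; the forwarded packet must still be
# accepted in filter/FORWARD, where it is seen with its new (DMZ) address.
publish() {  # usage: publish <public_ip> <dmz_ip> <tcp_port>
    $RUN iptables -t nat -A PREROUTING -i "$WAN" -d "$1" -p tcp --dport "$3" \
        -j DNAT --to-destination "$2"
    $RUN iptables -A FORWARD -i "$WAN" -o "$DMZ" -d "$2" -p tcp --dport "$3" \
        -m state --state NEW -j ACCEPT
}

build_rules() {
    # Assumption: the router does not already route 1.2.3.5-7 to 1.2.3.4,
    # so the firewall must own them on eth0 in order to answer ARP for them.
    for a in 1.2.3.5 1.2.3.6 1.2.3.7; do
        $RUN ip addr add "$a/32" dev "$WAN"
    done

    # Forwarding policy lives in the filter table (the default when -t is
    # omitted). Assumption: default-drop, then explicit allows.
    $RUN iptables -P FORWARD DROP
    # State names are comma-separated with no space between them.
    $RUN iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $RUN iptables -A FORWARD -i "$LAN" -o "$WAN" -j ACCEPT

    # Source NAT for traffic leaving through the internet interface.
    $RUN iptables -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE

    publish 1.2.3.5 10.0.0.50 80
    publish 1.2.3.6 10.0.0.60 80
    publish 1.2.3.7 10.0.0.70 110
    publish 1.2.3.7 10.0.0.70 25

    # Debugging: log whatever reaches the end of FORWARD, just before the
    # DROP policy applies. Rate-limited so the kernel log is not flooded.
    $RUN iptables -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
}

build_rules
```

Once applied, `iptables -L FORWARD -v -n` and `iptables -t nat -L PREROUTING -v -n` show per-rule packet counters, which tell you whether a test connection hit the DNAT rule and the matching ACCEPT.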





