Mailinglist Archive: opensuse-security (465 mails)

Re: [suse-security] DNAT / routing problem ...
  • From: Ray Leach <raymondl@xxxxxxxxxxxxxxxxxxxxxx>
  • Date: Tue, 11 Dec 2001 07:30:15 +0200
  • Message-id: <20011211052734.38C77E6413@xxxxxxxxxxxx>
Hi again

On Mon 10 Dec 01 15:37, Reckhard, Tobias wrote:
> > > > What am I doing wrong?
> OK, so just for the record, here's what I did:
>
> Router:
> ifconfig eth0 192.168.1.42 netmask 255.255.255.0 broadcast 192.168.1.255 up
> ifconfig eth0:0 192.168.1.40 netmask 255.255.255.0 broadcast 192.168.1.255 up
> ifconfig eth1 192.168.72.254 netmask 255.255.255.0 broadcast 192.168.72.255 up
> iptables -t nat -A PREROUTING -p tcp -d 192.168.1.40 --dport 80 -j LOG
> iptables -t nat -A PREROUTING -p tcp -d 192.168.1.40 --dport 80 -j DNAT \
> --to 192.168.72.4:80
>
> 'Hidden' Server:
> ifconfig eth0 192.168.72.4 netmask 255.255.255.0 broadcast 192.168.72.255 up
> route add default 192.168.72.254
>
> (There may be a 'gw' missing in that route statement, I'm too lazy to
> consult the man page right now).
>
> Then, I could access the SuSE default web server page on 192.168.10.40 or
> rather 192.168.72.4.
>
Do you think it could be because I have two different class C IP ranges on my
interfaces (i.e. 10.0.0.0/24 and 192.168.1.0/24)? From the tcpdump outputs,
it seems like a new packet is being generated on the external interface and
then not routed to the DMZ interface.

> HTH
> Tobias
Ray
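
Added example, not part of the original messages: a small Python model of the router's packet path for the setup quoted above. It shows that the DNAT rewrite in nat/PREROUTING happens before the routing decision, and that the reply only returns through the router when the hidden server has a default route. The RAY_* values and the client address 192.168.1.7 are constructed assumptions.

```python
import ipaddress

# Router from the quoted setup: interface -> directly connected network.
TOBIAS_IFACES = {"eth0": "192.168.1.0/24", "eth1": "192.168.72.0/24"}
# The quoted DNAT rule: (original dst, port) -> (rewritten dst, port).
TOBIAS_DNAT = {("192.168.1.40", 80): ("192.168.72.4", 80)}

# Constructed variant using the two ranges Ray mentions. Which range sits on
# which interface, and the server address 192.168.1.4, are assumptions.
RAY_IFACES = {"eth0": "10.0.0.0/24", "eth1": "192.168.1.0/24"}
RAY_DNAT = {("10.0.0.40", 80): ("192.168.1.4", 80)}


def route(dst, ifaces):
    """Routing decision: longest-prefix match over connected networks."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(n).prefixlen, name)
            for name, n in ifaces.items() if addr in ipaddress.ip_network(n)]
    return max(hits)[1] if hits else None


def forward_path(dst, dport, ifaces, dnat):
    """nat/PREROUTING rewrites dst first; routing then sees the new dst."""
    new_dst, new_port = dnat.get((dst, dport), (dst, dport))
    return new_dst, new_port, route(new_dst, ifaces)


def reply_next_hop(client, server_net, default_gw):
    """Where the hidden server sends its reply to the client.

    The reply must pass back through the router so the DNAT can be reversed;
    for an off-subnet client that requires a default route on the server.
    """
    if ipaddress.ip_address(client) in ipaddress.ip_network(server_net):
        return "direct"       # bypasses the router, DNAT is not reversed
    return default_gw         # None models a missing default route


if __name__ == "__main__":
    # 192.168.1.7 is a constructed client address on the router's eth0 side.
    print(forward_path("192.168.1.40", 80, TOBIAS_IFACES, TOBIAS_DNAT))
    print(forward_path("10.0.0.40", 80, RAY_IFACES, RAY_DNAT))
    print(reply_next_hop("192.168.1.7", "192.168.72.0/24", "192.168.72.254"))
    print(reply_next_hop("192.168.1.7", "192.168.72.0/24", None))
```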
