Mailinglist Archive: opensuse-security (465 mails)

RE: [suse-security] DNAT / routing problem ...
  • From: "Reckhard, Tobias" <tobias.reckhard@xxxxxxxxxxx>
  • Date: Mon, 10 Dec 2001 14:37:40 +0100
  • Message-id: <96C102324EF9D411A49500306E06C8D1A56C99@xxxxxxxxxxxxxxxxx>
> > > What am I doing wrong?
> >
> > I'm not sure. It's not the arp or DNAT, IMHO, since I just recreated your
> > scenario and it works fine.
> >
> > However, a while back you said that you were also SNATing in the
> > POSTROUTING chain from Internet to DMZ. I didn't do that, I'm just doing
> > plain old routing. Can you see the packets on the DMZ subnet?
> >
> Nope, you were right back then too, SNAT was not needed.
> tcpdump -n -i eth1 src or dst doesn't give me any output other
> than the tcpdump header.

OK, so just for the record, here's what I did:

ifconfig eth0 netmask broadcast up
ifconfig eth0:0 netmask broadcast
ifconfig eth1 netmask broadcast
iptables -t nat -A PREROUTING -p tcp -d --dport 80 -j LOG
iptables -t nat -A PREROUTING -p tcp -d --dport 80 -j DNAT \

'Hidden' Server:
ifconfig eth0 netmask broadcast
route add default

(There may be a 'gw' missing in that route statement, I'm too lazy to
consult the man page right now).

Then, I could access the SuSE default web server page on or

