10 Dec 2001 12:53
On Mon 10 Dec 01 14:22, Reckhard, Tobias wrote:
What am I doing wrong?
I'm not sure. It's not the arp or DNAT, IMHO, since I just recreated your scenario and it works fine.
However, a while back you said that you were also SNATing in the POSTROUTING chain from Internet to DMZ. I didn't do that, I'm just doing plain old routing. Can you see the packets on the DMZ subnet?
Nope, you were right back then too, SNAT was not needed. tcpdump -n -i eth1 src or dst 192.168.1.3 doesn't give me any output other than the tcpdump header.
Incidentally, I don't know if this matters at all, but when I tcpdumped eth0 for dst port 80, I didn't see the pre-DNAT IP address at all, only the DNATed one.
HTH Tobias