Mailinglist Archive: opensuse-security (465 mails)

< Previous Next >
Re: [suse-security] DNAT / routing problem ...
  • From: Ray Leach <raymondl@xxxxxxxxxxxxxxxxxxxxxx>
  • Date: Mon, 10 Dec 2001 14:53:46 +0200
  • Message-id: <20011210125128.25443E64ED@xxxxxxxxxxxx>
On Mon 10 Dec 01 14:22, Reckhard, Tobias wrote:
> > What am I doing wrong?
>
> I'm not sure. It's not the arp or DNAT, IMHO, since I just recreated your
> scenario and it works fine.
>
> However, a while back you said that you were also SNATing in the
> POSTROUTING chain from Internet to DMZ. I didn't do that, I'm just doing
> plain old routing. Can you see the packets on the DMZ subnet?
>
Nope, you were right back then too, SNAT was not needed.
tcpdump -n -i eth1 src or dst 192.168.1.3 doesn't give me any output other
than the tcpdump header.

> Incidentally, I don't know if this matters at all, but when I tcpdumped
> eth0 for dst port 80, I didn't see the pre-DNAT IP address at all, only the
> DNATed one..
>

> HTH
> Tobias

< Previous Next >
References