Mailinglist Archive: opensuse-security (465 mails)

< Previous Next >
RE: [suse-security] DNAT / routing problem ...
  • From: "Reckhard, Tobias" <tobias.reckhard@xxxxxxxxxxx>
  • Date: Mon, 10 Dec 2001 13:22:33 +0100
  • Message-id: <96C102324EF9D411A49500306E06C8D1A56C98@xxxxxxxxxxxxxxxxx>
> What am I doing wrong?

I'm not sure. It's not the arp or DNAT, IMHO, since I just recreated your
scenario and it works fine.

However, a while back you said that you were also SNATing in the POSTROUTING
chain from Internet to DMZ. I didn't do that, I'm just doing plain old
routing. Can you see the packets on the DMZ subnet?

Incidentally, I don't know if this matters at all, but when I tcpdumped eth0
for dst port 80, I didn't see the pre-DNAT IP address at all, only the
DNATed one..

HTH
Tobias

< Previous Next >
Follow Ups