Mailinglist Archive: opensuse-security (465 mails)

DNAT to DMZ
  • From: Ray Leach <raymondl@xxxxxxxxxxxxxxxxxxxxxx>
  • Date: Fri, 7 Dec 2001 14:05:31 +0200
  • Message-id: <20011207120307.D7797E64F2@xxxxxxxxxxxx>
Hi

I've got 66.8.45.162 and 66.8.45.171 bound to eth0
I have 192.168.1.1 bound to eth1
192.168.1.3 does have a web server running.

I can't get DNAT to work if I bind the IPs to eth0.

This is the result of a log rule on the nat chain to DNAT traffic for 66.8.45.171 to 192.168.1.3:
Dec 7 13:55:15 firefly kernel: IN INT TO ORA1: IN=eth0 OUT= MAC=00:01:02:50:b8:9e:00:50:0f:0d:1c:76:08:00 SRC=196.38.2.133 DST=66.8.45.171 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=17782 DF PROTO=TCP SPT=59750 DPT=80 WINDOW=8760 RES=0x00 SYN URGP=0

This is the output of a tcpdump on eth0:
firefly:~ # tcpdump -i eth0 -n src or dst 66.8.45.171
Kernel filter, protocol ALL, datagram packet socket
tcpdump: listening on eth0
13:53:50.568125 196.38.2.133.59748 > 66.8.45.171.http: S 3246244830:3246244830(0) win 8760 <mss 1460> (DF)
13:53:50.628125 196.38.2.133.59748 > 192.168.1.3.http: S 256854211:256854211(0) win 8760 <mss 1380> (DF)
13:53:54.058125 196.38.2.133.59748 > 66.8.45.171.http: S 3246244830:3246244830(0) win 8760 <mss 1460> (DF)
13:53:54.098125 196.38.2.133.59748 > 192.168.1.3.http: S 256854211:256854211(0) win 8760 <mss 1380> (DF)
13:54:00.458125 196.38.2.133.59748 > 66.8.45.171.http: S 3246244830:3246244830(0) win 8760 <mss 1460> (DF)
13:54:00.538125 196.38.2.133.59748 > 192.168.1.3.http: S 256854211:256854211(0) win 8760 <mss 1380> (DF)

Am I missing a route or something like that?
IP forwarding is enabled.

And this is the one on eth1:
firefly:~ # tcpdump -i eth1 -n src or dst 192.168.1.3
Kernel filter, protocol ALL, datagram packet socket
tcpdump: listening on eth1

0 packets received by filter

