Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
Re: [suse-security] ] DNAT problems
  • From: "Martin Peikert" <Martin.Peikert@xxxxxxxxx>
  • Date: Wed, 23 Jan 2002 15:30:34 +0100
  • Message-id: <3C4EC90A.CB7F868F@xxxxxxxxx>
Michael Appeldorn schrieb:
>
> >T-Systems.Ertl@xxxxxxxxxxxxxxxxxxx schrieb:
> >
> >> May I do a syntactic fault, but I think it has to be like :
> >>
> >> $IPTABLES -A FORWARD -i $IF_INT -o $IF_EXT -p tcp -s potsdamerplatz
> >> -d IPINTERN --dport FF -j ACCEPT
> >
> >Isn't $IF_INT the interface for incoming and $IF_EXT the interface for
> >outgoing traffic? If it is, you might try
> >$IPTABLES -A FORWARD -i $IF_EXT -o $IF_INT -p tcp -s potsdamerplatz \
> > -d IPINTERN --dport FF -j ACCEPT
>
> I think U did -> -d $IPINTERN instead of -d IPINTERN

Right. Copy and paste - my fault :-(

So, the rule reads
$IPTABLES -A FORWARD -i $IF_EXT -o $IF_INT -p tcp -s $potsdamerplatz \
-d $IPINTERN --dport $FF -j ACCEPT

> and what you will do with --dport FF

Take a look at the mail from T-Systems.Ertl@xxxxxxxxxxxxxxxxxxx: he did
not want to tell us which port he will forward. So I took FF, too (now
as a variable name :-)

You didn't mention above, but what the hell is potsdamerplatz? ;-)

Martin
--
martin.peikert@xxxxxxxxx Discon GmbH
Internet Solutions Wrangelstrasse 100
http://www.discon.de/ 10997 Berlin, Germany

< Previous Next >
References