Hello Martin, hello folks,

thanks for your response. I can show U the rule:

    $IPTABLES -A PREROUTING -t nat -p tcp --dport FF -j DNAT --to-destination IPINTERN

and a pullout of /var/log/kernel.log:

    Jan 21 17:41:06 FW15 kernel: DROP-TCP IN=tr0 OUT=eth0 SRC=IPEXTERN DST=IPINTERN LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=6234 DF PROTO=TCP SPT=1079 DPT=FF WINDOW=8760 RES=0x00 SYN URGP=0

but, sorry, no iptables -L.

On this print U can see that the DNAT is working pretty (see DST=, it is the DNAT IP), but packets are dropped. WHY ?? :-(

TIA
best regards
Dirk Ertl

T-Systems PCM AG
Computing & Desktop Services
Business Unit Daimler Chrysler AG / debis
Fon: +179/492 63 59
mailto:t-systems.ertl@daimlerchrysler.com
mailto:dirk.ertl@t-systems.com

Martin.Peikert@discon.de
23.01.2002 11:17
Please reply to Martin.Peikert

To: suse-security@suse.com
Cc:
Subject: Re: [suse-security] DNAT problems

T-Systems.Ertl@daimlerchrysler.com wrote:

Hi Folks,
we are pretty much done with our firewall now, but unfortunately we have a tiny problem. Basically we want to use dNAT. We see that the translation of the IP works out pretty good already. Actually he does everything right, but he still drops the packages.
Do we need an additional rule ?

Could you be a little bit more detailed? What rules do you already have? It would help to send an 'iptables -n -L'...

Martin
--
martin.peikert@discon.de
Discon GmbH Internet Solutions
Wrangelstrasse 100
http://www.discon.de/
10997 Berlin, Germany