Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
Antwort: Re: [suse-security] DNAT problems
Helo Martin, helo folks,

thanks for your responce.

I can show U the rule:

$IPTABLES -A PREROUTING -t nat -p tcp --dport FF -j DNAT --to-destination
IPINTERN

and a pullout of /var/log/kernel.log:

Jan 21 17:41:06 FW15 kernel: DROP-TCP IN=tr0 OUT=eth0 SRC=IPEXTERN DST=IPINTERN
LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=6234 DF PROTO=TCP SPT=1079 DPT=FF
WINDOW=8760 RES=0x00 SYN URGP=0

but, sorry no iptales -L.

On this print U can see, that the DNAT is working pretty ( see on DST = is the
DNAT IP ) , but packets are dropt.

WHY ?? :-(

TIA


best regards

Dirk Ertl
T-Systems PCM AG
Computing & Desktop Services
Business Unit Daimler Chrysler AG / debis
Fon: +179/492 63 59
mailto:t-systems.ertl@xxxxxxxxxxxxxxxxxxx
mailto:dirk.ertl@xxxxxxxxxxxxx




Martin.Peikert@xxxxxxxxx
23.01.2002 11:17
Bitte antworten an Martin.Peikert



An: suse-security@xxxxxxxx
Kopie:
Thema: Re: [suse-security] DNAT problems

T-Systems.Ertl@xxxxxxxxxxxxxxxxxxx schrieb:
>
> Hi Folks,
>
> we are pretty much done with our firewall now, but unfortunately we have a
tiny
> problem. Basically we want to use dNAT. We see that the translation of the IP
> works out pretty good already.
> Actually he does everything right, but he still drops the packages.
>
> Do we need an additional rule ?

Could you be a little bit more detailed? What rules do you already have?
It would help to send a 'iptables -n -L'...

Martin
--
martin.peikert@xxxxxxxxx Discon GmbH
Internet Solutions Wrangelstrasse 100
http://www.discon.de/ 10997 Berlin, Germany

--
To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
For additional commands, e-mail: suse-security-help@xxxxxxxx




< Previous Next >
Follow Ups