Mailinglist Archive: opensuse-security (685 mails)

< Previous Next >
RE: [suse-security] DNAT with Virtual IF
  • From: "Rossell, Roger" <roger@xxxxxxxxxxx>
  • Date: Fri, 1 Mar 2002 09:44:29 +0100
  • Message-id: <B7A3CC8DE9BC6E4B9D09EA3CBF38D9634CE6@xxxxxxxxxxxxxxxxxx>
be sure you've removed ipchains mod, otherwise virtual ip addresses will
not work

-----Mensaje original-----
De: Matthias Krauss [mailto:MKrauss@xxxxxxxxxxxxxx]
Enviado el: jueves, 21 de febrero de 2002 18:37
Para: 'suse-security@xxxxxxxx'
Asunto: [suse-security] DNAT with Virtual IF


Hi folks,
i'm looking for a nice workaround for the following prob:
I've 3 IF's, user lan, dmz and an external inet link, now i'd like
to dnat incomming requests like:

$IPTABLES -A FORWARD -i $EXT -o $DMZ -d 10.0.10.2 -m state --state
NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $DMZ -o $EXT -s 10.0.10.2 -m state --state
ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -t nat -A PREROUTING -i eth0 -j DNAT --to 10.0.10.2

the above sample works fine, $EXT represent eth0 which is the outside
IF, in
addition i created a virtual if named
eth0:1 which i can't address in iptables (wierd character : ) . I;m not
getting any ruleset to work
unless i'm using "-i eth0", the workaround like eth0+ doesnt help , did
anybody dealed with this prob before ????

Many thanks


Matthias Krauss




--
To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here


< Previous Next >