Mailinglist Archive: opensuse-security (375 mails)

Re: [suse-security] iptables question
The problem is not iptables, but the routing.

A short excursus.

The subnet mask connected with an IP address determines
whether another ip should be reachable via the standard gateway
or directly through a certain nic.

For example (only 1 NIC in your box) means a subnetmask of so if
the routing part of your kernel has to reach it does

own ip AND = 192.168.1
other ip AND = 192.168.2

if the results differ the routing routine decides to take the standard

To be more precise: any box in your network will
not be routed through your standard gateway according to the above
description. For example want to reach mail server. and = and =

results DON'T differ, so kernel will send packets directly.


add extra routes, e.g. for the mail server

route add netmask gw your.ext.ip.addr

hope that helps

Yours Michael

BTW: Why do you want to do so - logging purposes?

>I have a dmz firewall setup that connects 2 private networks with the
>public Internet (net1 and net2).
>I don't seem to be able to get my configuration to the point where a
>machine in net1 can connect to another machine in net1 through its public
>IP address.
>dmz router:
>mail server:
>http server:
>I would like to enable the http server to go to the mail server
>through the public IP address of the mail server rather than being
>limited to going straight to
>All machines have as their default gateway and NAT for mail
>connections from the outside works. I don't see any packets being
>dropped on the firewall since I allowed port 25 connections from the
>inside of the firewall as well.
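
The mask comparison described in the reply above, and the effect of a more specific route on it, as an added example that is not part of the original mail. All addresses are constructed (the archive dropped the thread's own), and the /32 host route and the function names are assumptions.

```python
import ipaddress

def on_link(own_ip, other_ip, netmask):
    """True when (own AND mask) == (other AND mask): deliver directly via the NIC."""
    mask = int(ipaddress.IPv4Address(netmask))
    own = int(ipaddress.IPv4Address(own_ip))
    other = int(ipaddress.IPv4Address(other_ip))
    return (own & mask) == (other & mask)

def next_hop(routes, dst):
    """Longest-prefix match over (network, gateway) pairs; gateway None means direct."""
    dst = ipaddress.IPv4Address(dst)
    best = None
    for net, gw in routes:
        net = ipaddress.IPv4Network(net)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    if best is None:
        raise LookupError("no route to %s" % dst)
    return best[1] or "direct"

# Constructed sample values, not taken from the thread.
HTTP_SERVER = "192.168.1.10"
MAIL_SERVER = "192.168.1.20"
GATEWAY = "192.168.1.1"
NETMASK = "255.255.255.0"

# Routing table of the http server: connected subnet plus default gateway.
BASE_ROUTES = [
    ("192.168.1.0/24", None),   # connected network, delivered directly
    ("0.0.0.0/0", GATEWAY),     # everything else goes to the standard gateway
]

# Same table with an extra host route (assumed /32) for the mail server,
# which wins over the connected /24 because its prefix is longer.
WITH_HOST_ROUTE = BASE_ROUTES + [(MAIL_SERVER + "/32", GATEWAY)]

if __name__ == "__main__":
    print("same subnet:", on_link(HTTP_SERVER, MAIL_SERVER, NETMASK))
    print("other subnet:", on_link(HTTP_SERVER, "192.168.2.20", NETMASK))
    print("before:", next_hop(BASE_ROUTES, MAIL_SERVER))
    print("after: ", next_hop(WITH_HOST_ROUTE, MAIL_SERVER))
```

Without the host route the packets never reach the firewall, so nothing there can log or drop them.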
