Hi, I've recently been working on a firewall using iptables to create a DMZ/LAN setup. I have a system with 3 NICs. eth0 has the "real" static IPs from my ISP. I'm using NAT to translate from the IP bound on this NIC to the internal DMZ and LAN hosts. eth1 is set to 172.16.12.1 and is used as the DMZ interface. Hosts connected to this interface are all 172.16.12.x. eth2 is set to 172.16.11.1 and is used as the LAN interface. Hosts connected here are all 172.16.11.x.

Most things seem to be working: I can connect from the LAN to the DMZ and to the Internet. I can connect from the DMZ to the Internet, but not to the LAN, though already established connections work. Only the ports I specify are open from the Internet to the DMZ.

The problem I'm having is this: when I try to connect to a host in the DMZ from the LAN, it does not work when I use the "real" IP address. An example of the error in the logs is this:

-----
IPT INPUT packet died: IN=eth1 OUT= MAC=00:10:5a:1b:48:8a:00:10:5a:00:ff:b8:08:00 SRC=172.16.11.2 DST=66.92.171.152 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=3514 DF PROTO=TCP SPT=32949 DPT=80 WINDOW=5440 RES=0x00 SYN URGP=0
----

Does anyone have any idea why this might be happening? Much thanks.

--
David Collodel <dave@crawlspaceradio.com>
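The symptom in the post (a LAN host connecting to the DMZ through the firewall's public address fails and the SYN is logged dying in INPUT) is what you get when the port-forwarding DNAT rule is restricted to packets arriving on eth0: a LAN packet for 66.92.171.152 is then never rewritten, is routed to the firewall itself, and falls into INPUT, where a default-deny policy logs and drops it. The script below is an added example written for this page, not code from the original post or its author. It shows the rule set for the LAN -> public IP -> DMZ flow with the DNAT applied regardless of ingress interface, plus a small filter that pulls such un-DNATed hits out of netfilter log lines. Addresses come from the post; the DMZ web server address 172.16.12.2 is an assumption (the post does not give it), and the second log line in the sample is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Lets LAN hosts reach a DMZ
# server via the firewall's public address ("hairpin" through the DNAT).
# From the post: public IP 66.92.171.152 on eth0, DMZ 172.16.12.0/24 on
# eth1 (firewall 172.16.12.1), LAN 172.16.11.0/24 on eth2.
# ASSUMPTION: the DMZ web server is 172.16.12.2 (not stated in the post).
PUB_IP=66.92.171.152
DMZ_HOST=172.16.12.2
LAN_NET=172.16.11.0/24
LAN_IF=eth2
DMZ_IF=eth1
IPT=${IPT:-iptables}

# Rules for the LAN -> public IP -> DMZ flow. The DNAT deliberately carries
# no "-i eth0": if it only matched eth0, a LAN packet for 66.92.171.152
# would stay un-rewritten, be delivered to the firewall itself and die in
# INPUT under a default-deny policy, which is the log line the post shows.
lan_to_dmz_rules() {
    # Rewrite the public address to the DMZ host whichever interface the
    # packet came in on (eth0 from the Internet, eth2 from the LAN).
    $IPT -t nat -A PREROUTING -d "$PUB_IP" -p tcp --dport 80 \
        -j DNAT --to-destination "${DMZ_HOST}:80"
    # After DNAT the packet is forwarded eth2 -> eth1: allow the new
    # connection one way and the DMZ host's replies back the other way.
    $IPT -A FORWARD -i "$LAN_IF" -o "$DMZ_IF" -s "$LAN_NET" -d "$DMZ_HOST" \
        -p tcp --dport 80 -j ACCEPT
    $IPT -A FORWARD -i "$DMZ_IF" -o "$LAN_IF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Dry run: print the iptables invocations instead of executing them, so the
# rule set can be reviewed without root.
render_rules() {
    ( IPT=echo; lan_to_dmz_rules )
}

# Detection side: from netfilter log lines, list INPUT drops whose destination
# is the public IP. Each one is a connection that reached the firewall without
# being DNATed, i.e. a port forward that did not apply to that ingress path.
# Output: "<src-ip> dport=<port>" per matching line.
undnatted_hits() {
    grep 'INPUT' | grep "DST=${PUB_IP}" \
        | sed -n 's/.*SRC=\([0-9.]*\).*DPT=\([0-9]*\).*/\1 dport=\2/p'
}

# Sample log: first line is the one quoted in the post, second is constructed
# (an unrelated FORWARD drop that must not be reported).
SAMPLE_LOG='IPT INPUT packet died: IN=eth1 OUT= MAC=00:10:5a:1b:48:8a:00:10:5a:00:ff:b8:08:00 SRC=172.16.11.2 DST=66.92.171.152 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=3514 DF PROTO=TCP SPT=32949 DPT=80 WINDOW=5440 RES=0x00 SYN URGP=0
IPT FORWARD packet died: IN=eth1 OUT=eth2 SRC=172.16.12.5 DST=172.16.11.2 LEN=60 PROTO=TCP SPT=4444 DPT=22 SYN'

render_rules
printf '%s\n' "$SAMPLE_LOG" | undnatted_hits
```

Run as-is it only prints the rules; to apply them, run as root and call lan_to_dmz_rules instead of render_rules. No POSTROUTING SNAT is needed for this topology: the LAN client and the DMZ server sit on different interfaces, so the server's reply to 172.16.11.2 routes back through the firewall, where conntrack reverses the DNAT. A hairpin SNAT (or MASQUERADE on the DMZ interface) is only required when client and server share a segment and the reply would otherwise bypass the firewall. An alternative that avoids the NAT round trip altogether is split-horizon DNS, resolving the public name to 172.16.12.2 for internal clients. One thing worth checking on the posted line: it shows IN=eth1 for a 172.16.11.x source, whereas the post describes the LAN on eth2; if that is not a typo, the LAN host is not where the rules assume it is.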