RE: Using IPTABLES, cannot go to External Interface


 



On Mon 16/06/2003 at 14:46, George Vieira wrote:
> You don't need to put the External IPs on the eth0 device for the
> internal machines to be DNATed. What's the reason you have eth0:0 0:1
> and 0:2?

If you don't add the IPs you want to DNAT to the external interface,
there won't be anyone to answer ARP requests for them, as Netfilter does
not. So you have to add them, using aliases (eth0:*) or iproute2
(ip addr add $IP dev eth0).

 
-- 
Cédric Blancher  <blancher@xxxxxxxxxxxxxxxxxx>
Systems and network security consultant - Cartel Sécurité
Tel: +33 (0)1 44 06 97 87 - Fax: +33 (0)1 44 06 97 99
PGP KeyID:157E98EE  FingerPrint:FA62226DA9E72FA8AECAA240008B480E157E98EE
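
Added example, not part of the original post: a shell check that compares the host addresses matched by DNAT rules with the addresses actually configured on the box, to find external IPs that nothing will answer ARP for. The sample rules and addresses are constructed (documentation range 203.0.113.0/24), and the function name `unanswered_dnat_ips` is hypothetical.

```shell
#!/bin/sh
# Constructed sample in `iptables-save -t nat` format (not from the thread).
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -i eth0 -j DNAT --to-destination 192.168.1.10
-A PREROUTING -d 203.0.113.11/32 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.11:80
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# Constructed sample in `ip -o -4 addr show` format: .10 is present as an
# alias (eth0:0), .11 was never added to the interface.
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 203.0.113.2/24 brd 203.0.113.255 scope global eth0\       valid_lft forever preferred_lft forever
2: eth0    inet 203.0.113.10/32 scope global eth0:0\       valid_lft forever preferred_lft forever'

# Print every single-host DNAT match address (-d) that no interface owns.
# $1 = nat table dump, $2 = address list.
unanswered_dnat_ips() {
    rules=$1
    addrs=$2
    # Locally configured IPv4 addresses, prefix length stripped.
    owned=$(printf '%s\n' "$addrs" |
        awk '$3 == "inet" { sub(/\/.*/, "", $4); print $4 }')
    printf '%s\n' "$rules" | awk '
        / -j DNAT/ {
            for (i = 1; i < NF; i++) {
                if ($i != "-d" || $(i - 1) == "!") continue  # skip negated matches
                ip = $(i + 1)
                # Keep host matches only; a wider prefix is not one ARP target.
                if (ip ~ /\/32$/ || ip !~ /\//) { sub(/\/32$/, "", ip); print ip }
            }
        }' | sort -u | while read -r ip; do
        printf '%s\n' "$owned" | grep -qxF "$ip" || printf '%s\n' "$ip"
    done
}

# Stand-alone run on the sample data, with the fix named in the post.
# On a live firewall, pass "$(iptables-save -t nat)" and "$(ip -o -4 addr show)".
for ip in $(unanswered_dnat_ips "$SAMPLE_RULES" "$SAMPLE_ADDRS"); do
    echo "no local owner for DNAT address $ip (fix: ip addr add $ip dev eth0)"
done
```

The check applies to addresses that sit on the same segment as the external interface; an address the upstream router routes to the firewall does not depend on ARP for that address.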


