Le lun 16/06/2003 à 14:46, George Vieira a écrit : > You don't need to put the External IPs on the eth0 device for the > internal machines to be DNATed. What's the reason you have eth0:0 0:1 > and 0:2? If you don't add IPs you want to DNAT to external interface, there won't be anyone to answer ARP requests on them, as Netfilter does not. So you have to add them, using aliases (eth0:*) or iproute2 (ip addr add $IP dev eth0). -- Cédric Blancher <blancher@xxxxxxxxxxxxxxxxxx> Consultant en sécurité des systèmes et réseaux - Cartel Sécurité Tél: +33 (0)1 44 06 97 87 - Fax: +33 (0)1 44 06 97 99 PGP KeyID:157E98EE FingerPrint:FA62226DA9E72FA8AECAA240008B480E157E98EE
