Re: Using IPTABLES, cannot go to External Interface


 



On Mon, Jun 16, 2003 at 03:40:54PM +0200, Cedric Blancher wrote:

> On Mon 16/06/2003 at 14:46, George Vieira wrote:
> > You don't need to put the External IPs on the eth0 device for the
> > internal machines to be DNATed. What's the reason you have eth0:0 0:1
> > and 0:2?
> 
> If you don't add IPs you want to DNAT to external interface, there won't
> be anyone to answer ARP requests on them,

You can do proxy-arp... However, you have to have a route to those IPs...

Ramin

> as Netfilter does not. So you
> have to add them, using aliases (eth0:*) or iproute2 (ip addr add $IP
> dev eth0).
> 
>  
> -- 
> Cédric Blancher  <blancher@xxxxxxxxxxxxxxxxxx>
> Systems and network security consultant - Cartel Sécurité
> Tel: +33 (0)1 44 06 97 87 - Fax: +33 (0)1 44 06 97 99
> PGP KeyID:157E98EE  FingerPrint:FA62226DA9E72FA8AECAA240008B480E157E98EE
> 
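
The two options discussed in this thread, side by side, as an added example that is not part of the original messages. The script only prints the commands; the addresses, the internal interface name eth1 and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: prints (does not run) the commands for each approach so
# they can be reviewed before being applied as root.
EXT_IF=eth0   # external interface, as in the thread
INT_IF=eth1   # internal interface (assumption)

# The DNAT rule is identical in both approaches.
# $1 = external IP to translate, $2 = internal host
dnat_rule() {
    echo "iptables -t nat -A PREROUTING -i $EXT_IF -d $1 -j DNAT --to-destination $2"
}

# Approach 1 (Cedric): add the address to the external interface so the
# kernel itself answers ARP requests for it.
plan_alias() {
    echo "ip addr add $1/32 dev $EXT_IF"
    dnat_rule "$1" "$2"
}

# Approach 2 (Ramin): proxy-ARP. The kernel answers ARP on EXT_IF for an
# address it does not own, provided it has a route to that address through
# another interface, hence the host route via INT_IF.
# Caveat: proxy_arp=1 applies to every address routed via another
# interface, not only the DNATed ones.
plan_proxy_arp() {
    echo "sysctl -w net.ipv4.conf.$EXT_IF.proxy_arp=1"
    echo "ip route add $1/32 dev $INT_IF"
    dnat_rule "$1" "$2"
}

# Constructed sample addresses (documentation and private ranges).
echo "# alias approach"
plan_alias 203.0.113.10 192.168.1.10
echo "# proxy-arp approach"
plan_proxy_arp 203.0.113.11 192.168.1.11
```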


