Help with alias interfaces


 



	All,

	I tried the suggested solution with no luck...  Also,
I did not hear from anybody hosting DNS...

	Does anybody else have any ideas for the original post?

	Original post below.

Best regards,
Erick Sanz



> 
> 
> 	All,
> 
> 	I have multiple interfaces in a system (eth1, eth1:0, eth1:1 and eth1:2),
> and I need to forward things for several ports to them.
> 
> 	Since IPtables do not understand eth1:1, my rules look something like
> this:
> 
> # Ftp server
>     iptables -t nat -A PREROUTING -p tcp -d $FTP_IPADDR --dport 21 -j DNAT --to $FTP_SERVER
>     iptables -A FORWARD -i eth1 -p tcp -d $FTP_SERVER --dport 21 -m state --state NEW -j ACCEPT
> 
> # Web server
>     iptables -t nat -A PREROUTING -p tcp -d $WEB_IPADDR --dport 80 -j DNAT --to $WEB_SERVER
>     iptables -A FORWARD -i eth1 -p tcp -d $WEB_SERVER --dport 80 -m state --state NEW -j ACCEPT
> 
> 	eth1 is my WAN interface... Is this correct?
> 
> 	Also, for the life of me I don't seem to be able to get DNS resolution to my
> DNS server; my rules are as follows:
> 
>     iptables -t nat -A PREROUTING -p udp -d $DNS_1 --dport 53 -j DNAT --to $DNS_SERVER1
>     iptables -t nat -A PREROUTING -p tcp -d $DNS_1 --dport 53 -j DNAT --to $DNS_SERVER1
> 
>     iptables -t nat -A PREROUTING -p udp -d $DNS_2 --dport 53 -j DNAT --to $DNS_SERVER2
>     iptables -t nat -A PREROUTING -p tcp -d $DNS_2 --dport 53 -j DNAT --to $DNS_SERVER2
> 
>     iptables -A FORWARD -i eth1 -p udp -d $DNS_SERVER1 --dport 53 -m state --state NEW -j ACCEPT
>     iptables -A FORWARD -i eth1 -p tcp -d $DNS_SERVER1 --dport 53 -m state --state NEW -j ACCEPT
> 
>     iptables -A FORWARD -i eth1 -p udp -d $DNS_SERVER2 --dport 53 -m state --state NEW -j ACCEPT
>     iptables -A FORWARD -i eth1 -p tcp -d $DNS_SERVER2 --dport 53 -m state --state NEW -j ACCEPT
> 
> 	Besides those rules, I also allow ping to those interfaces.
> 
> 	Does anybody host their own DNS? If so, could you share your rules (without
> IP addresses, to protect the identity of the innocent...)    ;)
> 
> 	Beforehand, thank you for your help!
> 
> Best regards,
> Erick Sanz
> 
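
A consistency check for rule sets shaped like the ones quoted above, as an added example that is not part of the original post: it flags `-i`/`-o` matches that name an alias such as eth1:1, and lists DNAT rules that have no FORWARD ACCEPT for the same protocol, translated address and port. The function name `lint_rules` and every address in the sample are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample rule set; all addresses are placeholders, not from the post.
RULES='
iptables -t nat -A PREROUTING -p tcp -d 203.0.113.10 --dport 21 -j DNAT --to 192.168.1.10
iptables -A FORWARD -i eth1 -p tcp -d 192.168.1.10 --dport 21 -m state --state NEW -j ACCEPT
iptables -t nat -A PREROUTING -p udp -d 203.0.113.53 --dport 53 -j DNAT --to 192.168.1.53
iptables -t nat -A PREROUTING -p tcp -d 203.0.113.53 --dport 53 -j DNAT --to 192.168.1.53
iptables -A FORWARD -i eth1 -p udp -d 192.168.1.53 --dport 53 -m state --state NEW -j ACCEPT
iptables -A FORWARD -i eth1:1 -p tcp -d 192.168.1.80 --dport 80 -m state --state NEW -j ACCEPT
'

# lint_rules (hypothetical helper): read iptables commands on stdin and report
#   ALIAS <name>                  an -i/-o match names an alias (contains ":")
#   UNPAIRED <proto> <ip> <port>  a DNAT target with no matching FORWARD ACCEPT
lint_rules() {
    awk '
    {
        proto = dst = dport = to = jump = chain = iface = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "-d") dst = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "--to" || $i == "--to-destination") to = $(i + 1)
            else if ($i == "-j") jump = $(i + 1)
            else if ($i == "-A") chain = $(i + 1)
            else if ($i == "-i" || $i == "-o") iface = $(i + 1)
        }
        # Alias names are extra addresses on the parent device, so packets
        # are seen on eth1 and a match on eth1:1 never fires.
        if (iface ~ /:/) print "ALIAS " iface
        if (chain == "PREROUTING" && jump == "DNAT") {
            # --to may be "ip" or "ip:port"; a port rewrites the forwarded dport
            if (split(to, t, ":") == 2) dport = t[2]
            want[++cnt] = proto " " t[1] " " dport
        }
        # FORWARD sees the packet after DNAT, so it must match the new address
        if (chain == "FORWARD" && jump == "ACCEPT")
            ok[proto " " dst " " dport] = 1
    }
    END {
        for (k = 1; k <= cnt; k++)
            if (!(want[k] in ok)) print "UNPAIRED " want[k]
    }'
}

printf '%s\n' "$RULES" | lint_rules
```
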




