On Thu, 2004-09-16 at 10:44, hamals@xxxxxxxxxxx wrote:
> I've a DMZ with two servers, I would like to access them
> through my iptables firewall.
>
> IP_serve1_DMZ = 192.168.2.2
> IP_serve2_DMZ = 192.168.2.3
>
> IP_server1_public = x.x.x.52
> IP_server2_public = x.x.x.53 (x is for privacy..)
>
>
> My firewall has
>
> eth1 internet interface = x.x.x.50
> eth0 dmz interface = 192.168.2.1
>
> I need to have my server access with their public IP, but
> I've only eth1 as interface to internet.
>
> I read that I can't use alias in iptables rules (like
> eth1:1 etc), then what kind of rules have I to write to
> solve my problem?
<snip>

If I understand you correctly, simple NAT should be your answer.

iptables -t nat -A PREROUTING -d x.x.x.52 -j DNAT --to-destination 192.168.2.2

(optionally add -i eth1 to the match if you are not using split DNS for any internal networks)

You will also need filter table rules to explicitly allow the DNAT'd traffic to pass.

--
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@xxxxxxxxxxxxx
---
If you are interested in helping to develop a GPL enterprise class VPN/Firewall/Security device management console, please visit http://iscs.sourceforge.net
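
The DNAT rule together with the filter-table rules the reply says are also needed, as an added example that is not part of the original thread: a POSIX shell function that prints the rules for review instead of applying them. Interface names are the ones given in the question; the TCP port lists and the 203.0.113.x addresses (standing in for the redacted x.x.x.52/.53) are constructed assumptions.

```sh
#!/bin/sh
# Added example: prints (does not apply) the iptables rules for one
# public-to-DMZ mapping so they can be reviewed before being run as root.
WAN_IF=eth1   # internet-facing interface, as in the question
DMZ_IF=eth0   # DMZ interface, as in the question

# gen_dmz_rules PUBLIC_IP DMZ_IP PORT [PORT...]
# The TCP port list is an assumption; the thread does not name services.
gen_dmz_rules() {
    if [ "$#" -lt 3 ]; then
        echo "usage: gen_dmz_rules PUBLIC_IP DMZ_IP PORT [PORT...]" >&2
        return 1
    fi
    pub=$1; dmz=$2; shift 2

    # Reject anything that is not a plain port number before emitting output.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    done

    # nat table: rewrite the destination before the routing decision.
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $pub -j DNAT --to-destination $dmz"

    # filter table: FORWARD runs after DNAT, so it matches the DMZ
    # address, not the public one.
    for port in "$@"; do
        echo "iptables -A FORWARD -i $WAN_IF -o $DMZ_IF -p tcp -d $dmz --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
}

# Emitted once: lets packets of already-accepted connections pass both ways.
gen_common_rules() {
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Constructed sample: 203.0.113.x stands in for the redacted x.x.x.52/.53.
gen_common_rules
gen_dmz_rules 203.0.113.52 192.168.2.2 80 443
gen_dmz_rules 203.0.113.53 192.168.2.3 25
```

Once reviewed, the printed rules can be piped to `sh` as root. The firewall only sees this traffic if x.x.x.52 and x.x.x.53 are routed to it or eth1 answers ARP for them.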