On Sun, Apr 8, 2012 at 19:31, /dev/rob0 <rob0@xxxxxxxxx> wrote:
> On Sun, Apr 08, 2012 at 06:42:51PM -0700, Aaron Clausen wrote:
>> Hence the need for reflection/loop back/whatever-you-call-it.
>
> And I gave you two links to tell you how to do that.

Okay, I've written rules in the form specified by the links you provided. I have run up against another issue, one probably specific to my situation.

To support the old subnet address range (192.168.1.0/24) as well as the new range (10.0.0.0/23) I have created two IP addresses for my internal interface; the primary being 10.0.0.1 and the old subnet address being 192.168.1.254. ifconfig shows it this way:

eth1      Link encap:Ethernet  HWaddr 00:1f:f2:04:d5:8f
          inet addr:10.0.0.1  Bcast:10.0.1.255  Mask:255.255.254.0
          inet6 addr: fe80::21f:f2ff:fe04:d58f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:202969887 errors:0 dropped:144568 overruns:0 frame:0
          TX packets:205166492 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1293204194 (1.2 GiB)  TX bytes:1956912187 (1.8 GiB)
          Interrupt:18 Base address:0xde00

eth1:1    Link encap:Ethernet  HWaddr 00:1f:f2:04:d5:8f
          inet addr:192.168.1.254  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:18 Base address:0xde00

What I've noticed with the rules from the links is that I can, from the 10.0.0.0/23 subnet, access any port forwarded back to an internal server providing the server is on the 192.168.1.254 subnet, but no host sitting on the new subnet gets the loopbacked port forwarding. They are all sitting on the same physical segment, it's just two different address spaces.

Any explanation?

--
Aaron Clausen
mightymartianca@xxxxxxxxx

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
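The setup described in the message (one LAN interface carrying two address ranges, port forwards that should also work from inside) is the classic hairpin NAT case, and the symptom it reports is what hairpin NAT looks like when the POSTROUTING SNAT does not cover the range the server sits on: a server on 192.168.1.0/24 must route its reply to a 10.0.0.0/23 client through the gateway, so the router can undo the DNAT, while a server on 10.0.0.0/23 answers a 10.0.0.0/23 client directly on the shared segment and the client drops a reply that comes from the server's address instead of the public one. The script below is an added example written for this page, not the poster's rules or anything from the linked documents. It uses eth1, 10.0.0.0/23, 192.168.1.0/24 and 10.0.0.1 from the thread; eth0, the public address, the server and the port are placeholders. By default it only prints the iptables commands so it can be read and checked offline; setting IPT=iptables applies them.

```shell
#!/bin/sh
# Hairpin (loopback) NAT for one forwarded TCP port, with a DNAT and an SNAT
# rule for every address range that lives on the LAN interface.
# Constructed example: eth1, 10.0.0.0/23, 192.168.1.0/24 and 10.0.0.1 come
# from the thread; eth0, the WAN address, the server and the port are
# placeholders and not from the original message.
IPT="${IPT:-echo iptables}"   # dry run by default; run with IPT=iptables to apply

WAN_IF="eth0"                 # assumed external interface
WAN_IP="203.0.113.10"         # placeholder public address (TEST-NET-3)
LAN_IF="eth1"
LAN_NETS="10.0.0.0/23 192.168.1.0/24"   # both ranges configured on eth1
ROUTER_LAN_IP="10.0.0.1"      # router address on the server's own subnet
SERVER="10.0.0.20"            # hypothetical internal server
PORT="80"                     # hypothetical forwarded port

hairpin_rules() {
    # Outside clients: rewrite the destination to the internal server.
    $IPT -t nat -A PREROUTING -i "$WAN_IF" -p tcp -d "$WAN_IP" --dport "$PORT" \
        -j DNAT --to-destination "$SERVER:$PORT"

    for net in $LAN_NETS; do
        # Inside clients that connect to the public address get the same DNAT.
        $IPT -t nat -A PREROUTING -i "$LAN_IF" -s "$net" -p tcp -d "$WAN_IP" --dport "$PORT" \
            -j DNAT --to-destination "$SERVER:$PORT"
        # Without this SNAT the server answers a same-segment client directly,
        # the client sees a reply from $SERVER rather than $WAN_IP and drops it.
        # One rule per internal range, including the range the server is on.
        $IPT -t nat -A POSTROUTING -o "$LAN_IF" -s "$net" -p tcp -d "$SERVER" --dport "$PORT" \
            -j SNAT --to-source "$ROUTER_LAN_IP"
    done
}

hairpin_rules
```

The script assumes ip_forward is enabled and that the FORWARD chain already accepts the forwarded flow and its ESTABLISHED,RELATED replies. To check which rule a failing client is hitting, watch the packet counters with `iptables -t nat -L POSTROUTING -n -v` while connecting from a host on each range: if the SNAT counter for the server's own subnet stays at zero, the hairpin traffic is being DNATed but not SNATed, which produces exactly the asymmetry described in the message.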