Re: IP alias and port forwarding - packets die at external interface
On Tue, 23 Dec 2003 03:40 am, Nathan Barham wrote:
> Hello list,
>
> I'm trying to set up my first DMZ using a woody gateway with 3 interface
> cards. One for the external interface, one for the DMZ, and one for the
> (as yet non-existent) internal LAN.
>
> I have 5 static IPs, and have assigned 3 of them as eth0, eth0:1, and
> eth0:2 in /etc/network/interfaces. Now I want to forward incoming SMTP
> and DNS traffic to DMZ machines based on destination IP. This seems to
> work fine for the SMTP traffic, but incoming DNS requests just die at
> the external interface. They are not being killed by other iptables
> rules. It's just as if that interface isn't "really" listening to that
> IP. Why it works for one and not the other is beyond me. I fear I'm
> missing something basic, but I just can't see it. Any help is very much
> appreciated.
Just a quick guess: you know that DNS requests sometimes use TCP instead of
UDP? You need to allow both.
t
--
GPG : http://n12turbo.com/tarragon/public.key
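One way to check a ruleset for the point raised in the reply, as an added example that is not part of the original thread: the function reads `iptables-save` output and reports port-53 DNAT or ACCEPT rules that exist for only one of TCP and UDP. The addresses and the sample ruleset are constructed for illustration, and `audit_dns_rules` and `sample_ruleset` are hypothetical names.

```shell
#!/bin/sh
# Added example: flag port-53 rules that cover only one of TCP/UDP.
# Reads iptables-save output on stdin. Only plain "--dport 53" matches are
# handled (no multiport, no port ranges).
audit_dns_rules() {
    awk '
    $1 == "-A" {
        dst = "any"; proto = ""; port = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-d")      dst    = $(i + 1)
            if ($i == "-p")      proto  = $(i + 1)
            if ($i == "--dport") port   = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        if (port != "53") next
        if (target != "DNAT" && target != "ACCEPT") next
        # Group by chain, destination and target; collect protocols seen.
        key = $2 " " dst " " target
        seen[key] = seen[key] " " proto
    }
    END {
        for (k in seen) {
            if (seen[k] !~ / tcp/) print k ": no tcp/53 rule"
            if (seen[k] !~ / udp/) print k ": no udp/53 rule"
        }
    }'
}

# Constructed sample ruleset (assumed addresses): SMTP and DNS are forwarded
# by destination IP, but the DNS DNAT rule exists for UDP only.
sample_ruleset() {
    cat <<'EOF'
*nat
-A PREROUTING -d 203.0.113.11/32 -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.10.2
-A PREROUTING -d 203.0.113.12/32 -i eth0 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.10.3
COMMIT
*filter
-A FORWARD -d 192.168.10.3/32 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -d 192.168.10.3/32 -p tcp -m tcp --dport 53 -j ACCEPT
COMMIT
EOF
}

sample_ruleset | audit_dns_rules
```

On a live gateway the same function can be fed with `iptables-save | audit_dns_rules`.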