How to use netfilter to do static IP mapping?
Patrick Dung
patrick_dkt at yahoo.com.hk
Fri Sep 24 05:24:02 CEST 2004
Dear All
This is what I want:
eth0 as internet (1.1.1.1)
eth1 as dmz (10.1.1.1)
dmz has a web (10.1.1.2) and dns (10.1.1.3) server with private IP.
The netfilter fw will do the static IP (public to private) IP mapping.
Available public IP (example):
1.1.1.1 (eth0), 1.1.1.2 (for web), 1.1.1.3 (for dns)
Now I have these rules:
iptables -t nat -A PREROUTING -i eth0 -d 1.1.1.2 -p tcp --dport 80 -j DNAT --to 10.1.1.2:80
iptables -t nat -A PREROUTING -i eth0 -d 1.1.1.3 -p udp --dport 53 -j DNAT --to 10.1.1.3:53
The problem is that there is no response from 1.1.1.2
and 1.1.1.3.
Do I need other special setting (proxy arp?)
Regards
Patrick
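
Added example (not part of the original post): a dry-run shell script that prints the commands a static public-to-private mapping like the one above generally needs besides the two DNAT rules. The MAPPINGS table and the function names are invented here, and it assumes 1.1.1.2 and 1.1.1.3 are on eth0's own subnet rather than routed to the firewall.

```shell
#!/bin/sh
# Added example: print (do not run) the commands for one-to-one static NAT.
# Interfaces and addresses are the ones in the post; the MAPPINGS format and
# the function names are invented for this example.
WAN_IF=eth0
DMZ_IF=eth1
# public-ip private-ip proto port
MAPPINGS='1.1.1.2 10.1.1.2 tcp 80
1.1.1.3 10.1.1.3 udp 53'

valid_ip() {   # crude dotted-quad check so a typo never reaches iptables
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

gen_rules() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    seen=""
    while read -r pub priv proto port; do
        [ -n "$pub" ] || continue
        valid_ip "$pub" && valid_ip "$priv" || { echo "bad address: $pub $priv" >&2; return 1; }
        case "$proto" in tcp|udp) ;; *) echo "bad proto: $proto" >&2; return 1 ;; esac
        case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
        # Assumption: the extra public IPs sit on eth0's own subnet, so the
        # firewall has to answer ARP for them; a /32 alias is one way.
        case " $seen " in
            *" $pub "*) ;;
            *) echo "ip addr add $pub/32 dev $WAN_IF"; seen="$seen $pub" ;;
        esac
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $pub -p $proto --dport $port -j DNAT --to-destination $priv:$port"
        # DNAT only rewrites the destination; the filter table must still pass it.
        echo "iptables -A FORWARD -i $WAN_IF -o $DMZ_IF -d $priv -p $proto --dport $port -m state --state NEW -j ACCEPT"
    done <<EOF
$MAPPINGS
EOF
}

gen_rules
```

Replies only return through the firewall if 10.1.1.2 and 10.1.1.3 use 10.1.1.1 as their default gateway.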