What is the right way to use a virtual IP address (alias) bound to an outside interface and forward traffic to a host in the private network? I can get the Plug to work with the eth3 address, but not with the eth3:1 address.

I tried setting up an InetZone with the IP address bound to eth3:1, but the packets disappear after hitting the tproxy rule in the INPUT chain. I can see them move through PREROUTING and then to the PRxxx chain, but they never get back to INPUT.

Or, am I going about this the wrong way?

Thanks,
Phil

On Thu, 2004-10-28 at 09:22, Phil Moors wrote:
> What is the right way to use a virtual ip address (alias) bound to an outside interface and forward traffic to a host in the private network? I can get the Plug to work with the eth3 address, but not with the eth3:1 address.

You don't have to "tproxy" traffic like that. You should just put an ACCEPT rule in the right place, then you can put your listener on the desired IP (on the IP of eth3:1 in this case).

However, you can "tproxy" this traffic, but the packet will appear on the primary IP of the interface, so the listener should listen on that IP. Or you can use the '--on-ip' parameter of the TPROXY target.

MCS

participants (2): Major Csaba, Phil Moors