[zorp] Virtual IP PlugProxy

Major Csaba zorp@lists.balabit.hu
Thu, 28 Oct 2004 11:25:51 +0200


--=-KCmonleKi1JDcuoqOoOz
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Thu, 2004-10-28 at 09:22, Phil Moors wrote:
> What is the right way to use a virtual ip address (alias) bound to an
> outside interface and forward traffic to a host in the private network? I
> can get the Plug to work with the eth3 address, but not with the eth3:1
> address.

 You don't have to "tproxy-ing" a traffic like that. You should just put
an ACCEPT rule on the right place, then you can put your listener on the
desired IP (on the IP of eth3:1 in this case).=20
 However, you can "tproxy-ing" this traffic, but the packet will appear
on the primary IP of the interface, so the listener should listen on
that IP. Or you can use the '--on-ip' parameter of the TPROXY target.

MCS


--=-KCmonleKi1JDcuoqOoOz
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQBBgLsfk78G1BHnShURAiGLAJwKme6txGX9lnd23oU/DppvJ50SFQCfYWc4
VH5gN1OU8sYNfmjj1vQgve4=
=rKSs
-----END PGP SIGNATURE-----

--=-KCmonleKi1JDcuoqOoOz--