On Tue, 23 Dec 2003 03:40 am, Nathan Barham wrote:
> Hello list,
>
> I'm trying to set up my first DMZ using a woody gateway with 3 interface
> cards. One for the external interface, one for the DMZ, and one for the
> (as yet non-existent) internal LAN.
>
> I have 5 static IP's, and have assigned 3 of them as eth0, eth0:1, and
> eth0:2 in /etc/network/interfaces. Now I want to forward incoming SMTP
> and DNS traffic to DMZ machines based on destination IP. This seems to
> work fine for the SMTP traffic, but incoming DNS requests just die at
> the external interface. They are not being killed by other iptables
> rules. It's just as if that interface isn't "really" listening to that
> IP. Why it works for one and not the other is beyond me. I fear I'm
> missing something basic, but I just can't see it. Any help is very much
> appreciated.
Just a quick guess: you know that DNS requests use TCP sometimes instead of UDP? You need to allow both.

t
--
GPG : http://n12turbo.com/tarragon/public.key
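As an added illustration of the reply's point (this is not a script from the thread or from either poster), the following sh script prints the iptables DNAT and FORWARD rules a three-NIC gateway of the kind described would use to forward SMTP and DNS to DMZ hosts by destination IP, with DNS forwarded over udp/53 and tcp/53. The interface names (eth0, eth1), the public addresses and the DMZ addresses are all assumptions chosen for the example; override them through the environment. The `count_rules` helper is a self-check that both DNS transports are covered before the rules are loaded.

```shell
#!/bin/sh
# Added example, not code from the original thread. Generates the DNAT rules
# for a gateway with an external interface carrying aliased public IPs and a
# separate DMZ interface. Every address and interface name below is an
# assumption for the example; set them in the environment to match your box.
EXT_IF=${EXT_IF:-eth0}              # external interface (eth0, eth0:1, eth0:2 aliases)
DMZ_IF=${DMZ_IF:-eth1}              # interface facing the DMZ
MAIL_PUB=${MAIL_PUB:-203.0.113.11}  # public IP (eth0:1) for mail
MAIL_DMZ=${MAIL_DMZ:-192.168.10.25} # DMZ mail host
DNS_PUB=${DNS_PUB:-203.0.113.12}    # public IP (eth0:2) for DNS
DNS_DMZ=${DNS_DMZ:-192.168.10.53}   # DMZ DNS host

# Print the two rules one forwarded service needs: the DNAT in the nat
# table and the matching FORWARD accept for the rewritten packet.
# Arguments: $1=protocol $2=port $3=public IP $4=DMZ host
forward_service() {
    proto=$1; port=$2; pub=$3; dmz=$4
    echo "iptables -t nat -A PREROUTING -i $EXT_IF -p $proto -d $pub --dport $port -j DNAT --to-destination $dmz:$port"
    echo "iptables -A FORWARD -i $EXT_IF -o $DMZ_IF -p $proto -d $dmz --dport $port -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"
}

# The full rule set. SMTP is TCP only; DNS must be forwarded for UDP *and*
# TCP, since zone transfers and replies too large for a UDP datagram are
# carried over tcp/53. Forwarding only one of the two is the classic way
# to get SMTP working while DNS appears to die at the external interface.
gen_rules() {
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    forward_service tcp 25 "$MAIL_PUB" "$MAIL_DMZ"
    forward_service udp 53 "$DNS_PUB"  "$DNS_DMZ"
    forward_service tcp 53 "$DNS_PUB"  "$DNS_DMZ"
}

# Self-check: how many DNAT rules exist for a protocol/port pair.
# Arguments: $1=protocol $2=port. Prints the count (0 when none).
count_rules() {
    gen_rules | grep -c -- "-p $1 .*--dport $2 -j DNAT"
}

# Usage: review with `sh dmz-dnat.sh`, then apply with `sh dmz-dnat.sh | sh`.
# Remember that net.ipv4.ip_forward must be 1 for the FORWARD rules to matter.
gen_rules
```

Run the script on its own and you get the rules for review; piping its output to `sh` loads them. The script only prints commands, so the check for the missing transport (`count_rules udp 53` and `count_rules tcp 53` both returning 1) can be done on any machine before touching the gateway.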

