problem with port forward & dnat

for example - internal ip - external ip
1 linux pc + 1 eth interface

eth0 ip + eth0:0

all works fine but

i want all trafic coming to going to

iptables rules like this:

iptables -t nat -A PREROUTING -p tcp -i eth0 -d --dport 80 -j DNAT --to
iptables -A FORWARD -p tcp -i eth0 -d --dport 80 -j ACCEPT

but forward port doesnt work
all other ports on i can see from outside

sory for my pure english

Hmm, I’m not sure that portforwarding will work the same way when you have only one interface and using an alias for the second IP address. Why do you need portforwarding? Can’t you just let port 80 through?

sory but i am dont understand. how i can do this?

Just allow port 80 in the forward table. No DNAT.

sory but where forward table in opensuse? you meen iptables?
or opensuse has a forward table ?

The FORWARD chain in iptables.

Should you be editing iptables rules if you don’t understand iptables? Maybe you should be using YaST to manage SuSEfirewall2?

if i right understand i must do like this:

iptables -P FORWARD DROP
iptables -A FORWARD -i eth0:0 -s -p tcp -m multiport --destination-port 80,443 -m state --state NEW -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -j LOG --log-prefix “FORWARD DROP:”
iptables -A FORWARD -j DROP

but iptables doesnt allow do it with aliases:

Warning: weird character in interface `eth0:0' (No aliases, :, ! or *).

So don’t use -i. And shouldn’t it be -d, since your packets are coming from the outside?