Transparent proxy where source IP address remains unchanged -- possible?

Adam Rosi-Kessel adam at rosi-kessel.org
Thu Aug 11 15:07:00 CEST 2005


On Thu, Aug 11, 2005 at 07:42:30AM +0200, Jan Engelhardt wrote:
> >Subject: Transparent proxy where source IP address remains unchanged --
> >    possible?
> Check Balabit TPROXY. To retain the source address however, you need to patch 
> the application that initiates the second part. In your case, the sshd on 
> faketarget.

Maybe I should explain what I'm trying to accomplish to see if this is
the right (or a possible) way to go about it.

I'm relocating a web/email/ssh server from one location to another (and
consequently to a new IP).  Since it's going to take many hours for the
IP address changes to propagate across DNS, I'd like to put a proxy box
in place at the old location that simply redirects all packets to the new
location. I would prefer for the new location to see the original source
IP address, rather than the IP address of the proxy.

Why do I need to patch sshd on faketarget? What I'm trying to do is just
send all the packets to realtarget, essentially untouched (other than the
destination IP).  I don't understand why sshd on faketarget would even be
involved...?
-- 
Adam Rosi-Kessel
http://adam.rosi-kessel.org



More information about the netfilter mailing list