Transparent proxy where source IP address remains unchanged -- possible?

Adam Rosi-Kessel adam at
Thu Aug 11 22:47:19 CEST 2005

Jan Engelhardt wrote:
>>Why do I need to patch sshd on faketarget? What I'm trying to do is just
>>send all the packets to realtarget, essentially untouched (other than the
>>destination IP).  I don't understand why sshd on faketarget would even be
> Then just use DNAT.

Right, that's where I started. What I'm trying to figure out is why, when
I only use DNAT, packets don't seem to get forwarded to the new
destination. They only show up if I also change the source IP to be the
address of the proxy.

Is this because the final destination is rejecting the packets, or the
proxy server is not actually passing them on?

I think I may not properly understand some architectural detail here.  I
am changing the destination IP in DNAT/PREROUTING.  Is there anything
else I need to do to make sure the packet is properly passed on to the
destination, where the proxy basically "disappears" as a middleman?
