Transparent proxy where source IP address remains unchanged
adam at rosi-kessel.org
Fri Aug 12 15:07:39 CEST 2005
Grant Taylor wrote:
> Is the faketarget and realtarget on the same subnet or are they on
> different subnets? The reason that I ask is if you could make the
> traffic returning from realtarget back to userbox pass through
> faketarget it could be unDNATed and then sent back to the userbox.
> However to pull this off you would have to play with the routing on the
> realtarget to make it use faketarget as its upstream gateway and then
> do postrouting SNATing of the source IP back to that of the faketarget
> as the traffic left the faketarget. This same idea can be expanded upon
> if the faketarget and realtarget are not on the same subnet, but it is
> not easy.
Another complication is that some of the packets coming into realtarget
will be coming in directly from their original source, so I couldn't
just route *all* traffic back through faketarget.
But is there some way I could tag packets coming in from faketarget, so
that realtarget knows that all traffic returning back with that tag goes