Transparent proxy where source IP address remains unchanged -- possible?

Adam Rosi-Kessel adam at
Fri Aug 12 15:07:39 CEST 2005

Grant Taylor wrote:
> Is the faketarget and realtarget on the same subnet or are they on
> different subnets?  The reason that I ask is if you could make the
> traffic returning from realtarget back to userbox pass through
> faketarget it could be unDNATed and then sent back to the userbox. 
> However to pull this off you would have to play with the routing on the
> realtarget to make it use faketarget as its upstream gateway and then
> do postrouting SNATing of the source IP back to that of the faketarget
> as the traffic left the faketarget.  This same idea can be expanded upon
> if the faketarget and realtarget are not on the same subnet, but it is
> not easy.

Different subnets.

Another complication is that some of the packets coming into realtarget
will be coming in directly from their original source, so I couldn't
just route *all* traffic back through faketarget.

But is there some way I could tag packets coming in from faketarget, so
that realtarget knows that all traffic returning back with that tag goes
through faketarget?
Adam Rosi-Kessel