Transparent proxy where source IP address remains unchanged -- possible?

Taylor, Grant gtaylor at
Mon Aug 15 16:39:22 CEST 2005

> Okay, I understand all this. Is this all that is necessary to make sure
> the response packets go back through faketarget, though? Isn't this just
>  taking care of the first part--the "up and over/down and in" part--but
> not the second part, where packets need to go back to source through
> faketarget?

*nod*  I confess it was late and I was very tired when I wrote that email.  Yes you will need to do the corresponding in reverse, at least the up part and the unDNATing part should take care of the rest.  You will probably have to play with things a bit, but that should take care of you.

Grant. . . .

More information about the netfilter mailing list