From: Jason Opperisano <opie@817west.com>
To: netfilter@lists.netfilter.org
Subject: Re: DNAT, Is it possible to find the original destination?
Date: Mon, 1 Nov 2004 11:10:41 -0500
Message-ID: <20041101161041.GA18269@bender.817west.com>
In-Reply-To: <1099323026.41865692986d5@email.ixwebhosting.com>

On Mon, Nov 01, 2004 at 09:30:26AM -0600, lumberjack@lumberjackvillage.com wrote:
> iptables 1.2.9 on SuSE 9.1
>
> I am using iptables redirection to send things inbound to port 80 to
> localhost:8080:
>
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to 8080
>
> Is there any way that my application can look in the table and see the real
> destination? I've seen several things in patch-o-matic that do things with
> conntrack but there doesn't seem to be any command, /proc or /dev entry
> available to query "i have a connection from host foo, iptables, who was foo
> really wanting to speak to?".

well, in the case of your example port (80), if you're talking about an
HTTP request, the original destination of the request is preserved in the
"Host: " header. this is how transparent proxying works.

in the general case, i don't suppose there's anything stopping you from
performing a lookup against /proc/net/ip_conntrack within your app to
find the original dst ip (although it's been pointed out here recently
that lookups against /proc/net/ip_conntrack are a bad idea--check the
archives).

-j
--
"If something is to hard to do, then it's not worth doing."
--The Simpsons
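
Added example, not part of the original message or of any netfilter code: a sketch of the lookup suggested above, matching the client address an application gets from accept() against the reply tuple of each /proc/net/ip_conntrack line and returning the destination from the original tuple. The sample table, the addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample in the /proc/net/ip_conntrack text layout (not captured data).
# On each line the first tuple is the original direction, the second the reply.
SAMPLE_CONNTRACK = """\
tcp      6 431992 ESTABLISHED src=198.51.100.7 dst=203.0.113.20 sport=40112 dport=80 src=192.0.2.1 dst=198.51.100.7 sport=8080 dport=40112 [ASSURED] use=1
tcp      6 431870 ESTABLISHED src=198.51.100.9 dst=203.0.113.44 sport=51500 dport=80 src=192.0.2.1 dst=198.51.100.9 sport=8080 dport=51500 [ASSURED] use=1
udp      17 25 src=198.51.100.7 dst=192.0.2.53 sport=40112 dport=53 [UNREPLIED] src=192.0.2.53 dst=198.51.100.7 sport=53 dport=40112 use=1
tcp      6 110 TIME_WAIT src=198.51.100.7 dst=192.0.2.1 sport=40200 dport=22 src=192.0.2.1 dst=198.51.100.7 sport=22 dport=40200 [ASSURED] use=1
"""

TUPLE_RE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")


def parse_entry(line):
    """Return (proto, original_tuple, reply_tuple), or None without two port tuples."""
    fields = line.split()
    tuples = TUPLE_RE.findall(line)
    if not fields or len(tuples) != 2:
        return None  # e.g. ICMP entries carry type/code/id instead of ports
    orig, reply = [(s, d, int(sp), int(dp)) for s, d, sp, dp in tuples]
    return fields[0], orig, reply


def original_destination(table_text, peer_ip, peer_port, local_port, proto="tcp"):
    """Find the pre-NAT destination of a redirected connection.

    peer_ip/peer_port: client address as the application sees it.
    local_port: port the application listens on (the REDIRECT target).
    Returns (ip, port), or None when no entry matches.
    """
    for line in table_text.splitlines():
        entry = parse_entry(line)
        if entry is None or entry[0] != proto:
            continue
        _, orig, reply = entry
        o_src, o_dst, o_sport, o_dport = orig
        _r_src, r_dst, r_sport, r_dport = reply
        # The original direction must start at the peer, and the reply
        # direction must leave our listening port towards that same peer.
        if (o_src, o_sport) == (peer_ip, peer_port) and \
                (r_dst, r_dport, r_sport) == (peer_ip, peer_port, local_port):
            return o_dst, o_dport
    return None
```

On a live system the table text would be the contents of /proc/net/ip_conntrack; the message above notes that lookups against that file have been reported on the list as a bad idea, so the same caveat applies here.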