Linux Netfilter discussions
From: Adam Rosi-Kessel <adam@rosi-kessel.org>
To: Jan Engelhardt <jengelh@linux01.gwdg.de>
Cc: netfilter@lists.netfilter.org
Subject: Re: Transparent proxy where source IP address remains unchanged -- possible?
Date: Thu, 11 Aug 2005 16:47:19 -0400
Message-ID: <42FBB957.30003@rosi-kessel.org>
In-Reply-To: <Pine.LNX.4.61.0508112117380.23117@yvahk01.tjqt.qr>

Jan Engelhardt wrote:
>>Why do I need to patch sshd on faketarget? What I'm trying to do is just
>>send all the packets to realtarget, essentially untouched (other than the
>>destination IP).  I don't understand why sshd on faketarget would even be
>>involved...?
> Then just use DNAT.

Right, that's where I started. What I'm trying to figure out is why, when
I only use DNAT, packets don't seem to get forwarded to the new
destination. They only show up if I also change the source IP to be the
address of the proxy.

Is this because the final destination is rejecting the packets, or the
proxy server is not actually passing them on?

I think I may not properly understand some architectural detail here.  I
am changing the destination IP in DNAT/PREROUTING.  Is there anything
else I need to do to make sure the packet is properly passed on to the
destination, where the proxy basically "disappears" as a middleman?

Adam
