netfilter.vger.kernel.org archive mirror
From: Grant Taylor <gtaylor@riverviewtech.net>
To: Mail List - Netfilter <netfilter@vger.kernel.org>
Subject: Re: Redirecting Outbound Port to Internal Server
Date: Wed, 09 Jun 2010 16:24:12 -0500
Message-ID: <4C10067C.8000302@riverviewtech.net>
In-Reply-To: <AANLkTimU5146nsWSNdDOVRT3bdxZJC1BwHPdTeb1h3K6@mail.gmail.com>

On 06/09/10 16:16, Curby wrote:
> I think the problem is that a single DNAT rule would cause the 
> request to go through to the internal proxy, but the proxy would send 
> a reply back to the client, which rejects it because it's expecting a 
> reply from the router box.

I agree.

If you want to do the redirection this way, you have to SNAT the traffic 
from the router to the proxy so that the proxy will reply to the router.
Then when the router receives the reply from the proxy, it will pass
the reply on to the original client.

I have done this before and it works quite well.

Now, I do ask the question, is it not possible to have your clients 
communicate directly with the proxy?

I ask because what you want to do can be done and does work, but it 
causes all the traffic between clients and the proxy to pass through the 
router, thus making your router's NIC & CPU be a potential bottleneck
that can (fairly easily) be avoided.



Grant. . . .
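
The DNAT plus SNAT arrangement described in the message above, sketched as an added example that is not part of the original post or thread. The interface name, addresses and ports are constructed sample values, and the exclusion of the proxy's own traffic and the FORWARD rules are assumptions about a typical single-LAN setup.

```shell
#!/bin/sh
# Added example: prints (does not apply) the rule set for a router that
# redirects LAN clients' outbound TCP port to a proxy on the same LAN.
# All values passed at the bottom are constructed, not taken from the thread.

# hairpin_rules LAN_IF LAN_NET ROUTER_IP PROXY_IP ORIG_PORT PROXY_PORT
hairpin_rules() {
    [ "$#" -eq 6 ] || {
        echo "usage: hairpin_rules LAN_IF LAN_NET ROUTER_IP PROXY_IP ORIG_PORT PROXY_PORT" >&2
        return 2
    }
    lan_if=$1 lan_net=$2 router_ip=$3 proxy_ip=$4 orig_port=$5 proxy_port=$6

    # 1. DNAT: rewrite the destination of client requests to the proxy.
    #    Assumption: the proxy's own outbound fetches are excluded so they
    #    are not redirected back to the proxy itself.
    echo "iptables -t nat -A PREROUTING -i $lan_if ! -s $proxy_ip -p tcp --dport $orig_port -j DNAT --to-destination $proxy_ip:$proxy_port"

    # 2. SNAT: rewrite the source to the router's LAN address, so the proxy
    #    replies to the router instead of straight to the client. Connection
    #    tracking then reverses both translations on the reply, and the
    #    client sees an answer from the address it originally contacted.
    echo "iptables -t nat -A POSTROUTING -o $lan_if -s $lan_net -d $proxy_ip -p tcp --dport $proxy_port -j SNAT --to-source $router_ip"

    # 3. Filter table: allow the redirected flow and its replies
    #    (only needed when the FORWARD policy is not ACCEPT).
    echo "iptables -A FORWARD -i $lan_if -o $lan_if -s $lan_net -d $proxy_ip -p tcp --dport $proxy_port -j ACCEPT"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Constructed sample values. Review the printed rules, then pipe them to
# `sh` as root to apply them.
hairpin_rules eth1 192.168.1.0/24 192.168.1.1 192.168.1.10 80 3128
```

With the SNAT rule in place the proxy sees every client connection as coming from the router's address, so per-client attribution has to come from the router's connection tracking or logs rather than from the proxy's access log.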
