transparent proxy with iptable redirect

transparent proxy with iptable redirect

[Peter Chen]

I have a pretty straightforward question that I've been wondering. If
I add an iptable redirect rule (e.g. dst tcp port 80 to tcp port
8080), it would change every tcp packet with port 80 as its
destination to a tcp packet with destination 8080. Now if my
application listening on 8080 were to reply to the source, it would
transmit a tcp packet with src port 8080, but the source side is
expecting a tcp packet with src port 80.

So my question is, how does the reverse path from dest back to the
src, at what point does the port number get rewritten from 8080 back
to 80, making the redirect transparent? Is this done by iptable
automatically on a redirect target?

Thanks,

Peter

Re: transparent proxy with iptable redirect

[Pascal Hambourg]

Peter Chen a écrit :
> I have a pretty straightforward question that I've been wondering. If
> I add an iptable redirect rule (e.g. dst tcp port 80 to tcp port
> 8080), it would change every tcp packet with port 80 as its
> destination to a tcp packet with destination 8080. Now if my
> application listening on 8080 were to reply to the source, it would
> transmit a tcp packet with src port 8080, but the source side is
> expecting a tcp packet with src port 80.
> 
> So my question is, how does the reverse path from dest back to the
> src, at what point does the port number get rewritten from 8080 back
> to 80, making the redirect transparent? Is this done by iptable
> automatically on a redirect target?

Yes. Stateful NAT takes care of both directions of the connection.