netfilter.vger.kernel.org archive mirror
From: Dave Malhotra <davemalhotra@gmail.com>
To: netfilter@vger.kernel.org
Subject: SNAT on local interfaces?
Date: Thu, 3 Dec 2009 12:47:37 -0500
Message-ID: <bbade2c10912030947x5aca86eap8bcc9936e128c519@mail.gmail.com>
In-Reply-To: <bbade2c10912030945ufb7dd78rac68fbb3147cc08f@mail.gmail.com>

I have a custom proxy which is being used to direct traffic based on
application layer data. The proxy receives connections from foreign
addresses and then proxies them to applications running on the local
machine--the same machine the proxy is running on.

The problem is that all the connections to applications appear to come
from the proxy server's IP address instead of the originating foreign
address. We need the source address to be the foreign address and
tried to use SNAT to do it. But apparently SNAT doesn't work when the
source and destination addresses are all on local interfaces.

When I do a tcpdump I see all the traffic that should be caught by the
SNAT rule appears on the loopback interface. When I check the rule no
packets are caught by it.

Is there any way to get SNAT to work for local source and destination
addresses? Or is this some sort of limitation imposed by the kernel or
iptables?

Thanks,

Dave
