Using NAT in this way, do you lose the client resolved origin address?
I know with DNAT you lose the client resolved origin, but I haven't
tried using redirect.
Looks like something to answer for myself today.
On Fri, Jun 26, 2015 at 9:55 AM, Alan Carroll
<solidwallofcode@yahoo-inc.com> wrote:
> Yes, that's what I meant by using iptables to do the NAT. As noted, if you
> do that you don't need TPROXY at all and the port should *not* be marked
> transparent. I originally worked this out back when TPROXY wasn't standard
> and it's still useful for people who don't want to mess with it (TPROXY is
> not exactly simple and easy to use).
>
>
>
> On Thursday, June 25, 2015 5:05 PM, Leif Hedstrom <zwoop@apache.org> wrote:
>
>
>
> On Apr 8, 2015, at 5:30 PM, Yue, Cong <Cong_Yue@alliedtelesis.com> wrote:
>
> Hi
>
> Can somebody advise how I can do transparent proxy if I only have one physical
> NIC in my ATS server?
> The network topology in my environment is as
> 1, I am doing forward proxy
>
>
>
> Maybe I’m naive, but wouldn’t something like this work:
>
> iptables -t nat -A PREROUTING -i en0 -p tcp -m tcp -s 10.0.0.0/8 --dport 80 -j REDIRECT --to-port 8080
>
>
> (replace 10.0.0.0/8 with your internal network range).
>
> — leif
>
>
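Added example, not part of the thread and not ATS code: on Linux, a process that accepts connections delivered by a local REDIRECT rule like the one quoted above can ask netfilter conntrack for the pre-NAT destination with the `SO_ORIGINAL_DST` socket option. The function names and the sample bytes are constructed for illustration; IPv4 only.

```python
import socket
import struct

SOL_IP = 0             # Linux IP-level socket option namespace
SO_ORIGINAL_DST = 80   # from <linux/netfilter_ipv4.h>
SOCKADDR_IN_LEN = 16   # sizeof(struct sockaddr_in)

# Constructed sample: what the kernel would return for a connection first
# aimed at 203.0.113.10:80 (documentation address) before REDIRECT.
SAMPLE = (struct.pack("=H", socket.AF_INET) + struct.pack("!H", 80)
          + socket.inet_aton("203.0.113.10") + bytes(8))


def parse_sockaddr_in(raw):
    """Decode struct sockaddr_in into (ip, port)."""
    if len(raw) < 8:
        raise ValueError("buffer too short for sockaddr_in")
    (family,) = struct.unpack_from("=H", raw, 0)   # sa_family is host order
    if family != socket.AF_INET:
        raise ValueError("unexpected address family %d" % family)
    (port,) = struct.unpack_from("!H", raw, 2)     # sin_port is network order
    return socket.inet_ntoa(raw[4:8]), port


def original_dst(conn):
    """Pre-NAT destination of an accepted TCP socket, from conntrack."""
    raw = conn.getsockopt(SOL_IP, SO_ORIGINAL_DST, SOCKADDR_IN_LEN)
    return parse_sockaddr_in(raw)


def was_redirected(orig, local):
    """True when NAT rewrote the destination before the proxy accepted it."""
    return tuple(orig) != tuple(local)


def describe(conn):
    """Summarise one accepted connection for the proxy's access log."""
    orig = original_dst(conn)
    return {"client": conn.getpeername(),   # source is untouched by REDIRECT
            "original_dst": orig,
            "redirected": was_redirected(orig, conn.getsockname())}


if __name__ == "__main__":
    print(parse_sockaddr_in(SAMPLE))   # demo on the constructed bytes
```

`original_dst` raises `OSError` when the socket has no conntrack entry, so callers on hosts without the NAT rule should catch it.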