Yes, that's what I meant by using iptables to do the NAT. As noted, if you do
that you don't need TPROXY at all and the port should *not* be marked
transparent. I originally worked this out back when TPROXY wasn't standard and
it's still useful for people who don't want to mess with it (TPROXY is not
exactly simple and easy to use).

On Thursday, June 25, 2015 5:05 PM, Leif Hedstrom <[email protected]> wrote:

On Apr 8, 2015, at 5:30 PM, Yue, Cong <[email protected]> wrote:

Hi, can somebody advise how I can do transparent proxy if I only have one
physical NIC in my ATS server? The network topology in my environment is as1, I am
doing forward proxy

Maybe I’m naive, but wouldn’t something like this work:

    iptables -t nat -A PREROUTING -i en0 -p tcp -m tcp -s 10.0.0.0/8 --dport 80 -j REDIRECT --to-port 8080

(replace 10.0.0.0/8 with your internal network range).

— leif