Using NAT in this way, do you lose the client resolved origin address? I know with DNAT you lose the client resolved origin, but I haven't tried using redirect.
Looks like something to answer for myself today.

On Fri, Jun 26, 2015 at 9:55 AM, Alan Carroll <[email protected]> wrote:
> Yes, that's what I meant by using iptables to do the NAT. As noted, if you
> do that you don't need TPROXY at all and the port should *not* be marked
> transparent. I originally worked this out back when TPROXY wasn't standard
> and it's still useful for people who don't want to mess with it (TPROXY is
> not exactly simple and easy to use).
>
> On Thursday, June 25, 2015 5:05 PM, Leif Hedstrom <[email protected]> wrote:
>
> On Apr 8, 2015, at 5:30 PM, Yue, Cong <[email protected]> wrote:
>
> Hi
>
> Can somebody advise how I can do transparent proxy if I only have one physical
> NIC in my ATS server?
> The network topology in my environment is as
> 1, I am doing forward proxy
>
> Maybe I’m naive, but wouldn’t something like this work:
>
> iptables -t nat -A PREROUTING -i en0 -p tcp -m tcp -s 10.0.0.0/8 --dport 80 -j REDIRECT --to-port 8080
>
> (replace 10.0.0.0/8 with your internal network range).
>
> — leif
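
Added example, not part of the thread or of Traffic Server's code: on Linux, a TCP connection rewritten by a `REDIRECT` (or `DNAT`) rule keeps its pre-NAT destination in conntrack, and the accepting process can read it with the `SO_ORIGINAL_DST` socket option. Port 8080 matches the rule quoted above; the function names and the sample bytes are constructed for illustration.

```python
import socket
import struct

# Value from <linux/netfilter_ipv4.h>; Python's socket module does not export it.
SO_ORIGINAL_DST = 80

def parse_sockaddr_in(raw):
    """Decode struct sockaddr_in: family (host order), port and IPv4 (network order)."""
    if len(raw) < 8:
        raise ValueError("sockaddr_in needs at least 8 bytes")
    (family,) = struct.unpack_from("=H", raw, 0)
    if family != socket.AF_INET:
        raise ValueError("not an AF_INET address: family=%d" % family)
    (port,) = struct.unpack_from("!H", raw, 2)
    return socket.inet_ntoa(raw[4:8]), port

def original_dst(conn):
    """Pre-NAT destination of an accepted IPv4 TCP socket, or None if untracked."""
    try:
        raw = conn.getsockopt(socket.IPPROTO_IP, SO_ORIGINAL_DST, 16)
    except OSError:
        # No conntrack entry for this connection, or conntrack is not loaded.
        return None
    return parse_sockaddr_in(raw)

def was_redirected(conn):
    """True when the address the client dialled differs from our local socket."""
    dst = original_dst(conn)
    return dst is not None and dst != conn.getsockname()[:2]

# Constructed sample: the 16 bytes the kernel would return for 203.0.113.10:80.
SAMPLE = (struct.pack("=H", socket.AF_INET) + struct.pack("!H", 80)
          + socket.inet_aton("203.0.113.10") + bytes(8))

if __name__ == "__main__":
    print("sample decodes to", parse_sockaddr_in(SAMPLE))
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("0.0.0.0", 8080))  # the --to-port of the REDIRECT rule
    srv.listen()
    while True:
        conn, peer = srv.accept()
        # peer is still the client's own address: REDIRECT rewrites only the destination.
        print(peer, "dialled", original_dst(conn), "redirected:", was_redirected(conn))
        conn.close()
```
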
