Yes, the original destination address for the connection is lost, as it is
changed to the ATS address.
On Friday, June 26, 2015 11:31 AM, Jason Strongman
<[email protected]> wrote:
Using NAT in this way, do you lose the client resolved origin address?
I know with DNAT you lose the client resolved origin.. but I haven't
tried using redirect.
Looks like something to answer for myself today.
On Fri, Jun 26, 2015 at 9:55 AM, Alan Carroll
<[email protected]> wrote:
> Yes, that's what I meant by using iptables to do the NAT. As noted, if you
> do that you don't need TPROXY at all and the port should *not* be marked
> transparent. I originally worked this out back when TPROXY wasn't standard
> and it's still useful for people who don't want to mess with it (TPROXY is
> not exactly simple and easy to use).
>
>
>
> On Thursday, June 25, 2015 5:05 PM, Leif Hedstrom <[email protected]> wrote:
>
>
>
> On Apr 8, 2015, at 5:30 PM, Yue, Cong <[email protected]> wrote:
>
> Hi
>
> Can somebody advise how I can do transparent proxy if I only have one physical
> NIC in my ATS server?
> The network topology in my environment is as
> 1, I am doing forward proxy
>
>
>
> Maybe I’m naive, but wouldn’t something like this work:
>
> iptables -t nat -A PREROUTING -i en0 -p tcp -m tcp -s 10.0.0.0/8 --dport 80 -j REDIRECT --to-port 8080
>
>
> (replace 10.0.0.0/8 with your internal network range).
>
> — leif
>
>