Alec Matusis wrote:
> Thanks Robert.
> My requirement is to have a transparent proxy in some sense: the TCP packets
> should be proxied by box A to a server on box B, and back from B to the
> client (via A I guess). The server on box B should see the original IP
> address of the client. When I do SNAT on A, the original IP becomes
> invisible for box B.
You just need to ensure that packets from B to the client get routed via
box A. That is a routing issue, not a netfilter problem. Depending on
what other traffic is going to/from box B, the solution could be as simple
as making box A the gateway for the default route out of box B. If B
is handling other traffic that does not go through A, then you'll
probably need to use the advanced routing features of iproute2 to
selectively route the packets. There's a rather extensive "Linux Advanced
Routing & Traffic Control HOWTO" available from http://lartc.org .
--
Bob Nichols
Yes, "NOSPAM" is really part of my email address.
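The setup Bob describes, as an added example that is not part of the original thread: box A does DNAT only (no SNAT), so B sees the client's real source address, and box B routes its replies back through A, either by making A its default gateway or, when B carries other traffic, by selecting only the proxied service's replies with an fwmark and an iproute2 rule. The addresses (203.0.113.10, 192.0.2.1, 192.0.2.2), port 80, fwmark 1 and table 100 are assumptions for illustration; the script prints the commands by default and only executes them (as root) with DRY_RUN=0.

```shell
#!/bin/sh
# Added example, not from the thread: box A forwards TCP port 80 to box B
# with DNAT only (no SNAT), so B sees the client's real source address, and
# box B is configured so its replies go back through A. Addresses, port,
# fwmark and table number below are assumptions for illustration.
A_EXT="${A_EXT:-203.0.113.10}"   # box A, client-facing address
A_INT="${A_INT:-192.0.2.1}"      # box A, address on the link shared with B
B_IP="${B_IP:-192.0.2.2}"        # box B, the real server
SVC_PORT="${SVC_PORT:-80}"
FWMARK="${FWMARK:-1}"
TABLE_ID="${TABLE_ID:-100}"

# run prints each command; with DRY_RUN=0 it also executes it (needs root).
run() {
    printf '%s\n' "$*"
    if [ "${DRY_RUN:-1}" = 0 ]; then "$@"; fi
}

# Box A: DNAT in PREROUTING, forwarding enabled, and deliberately no SNAT
# or MASQUERADE in POSTROUTING. conntrack on A rewrites B's replies back
# to A_EXT on the way out, which is why those replies must pass through A:
# a SYN-ACK that reaches the client straight from B_IP would be discarded.
box_a_rules() {
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -t nat -A PREROUTING -d "$A_EXT" -p tcp --dport "$SVC_PORT" \
        -j DNAT --to-destination "$B_IP:$SVC_PORT"
    run iptables -A FORWARD -d "$B_IP" -p tcp --dport "$SVC_PORT" \
        -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -s "$B_IP" -p tcp --sport "$SVC_PORT" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Box B, simple case: A is the default gateway, so every reply goes via A.
box_b_default_route() {
    run ip route replace default via "$A_INT"
}

# Box B, selective case: only replies leaving from the proxied service port
# are routed via A; everything else keeps B's normal default route. The
# fwmark plus "ip rule" is the iproute2 policy routing the LARTC HOWTO covers.
box_b_policy_route() {
    run iptables -t mangle -A OUTPUT -p tcp --sport "$SVC_PORT" \
        -j MARK --set-mark "$FWMARK"
    run ip route replace default via "$A_INT" table "$TABLE_ID"
    run ip rule add fwmark "$FWMARK" lookup "$TABLE_ID"
    # Client packets arrive from A_INT carrying the client's real source
    # address; strict reverse-path filtering on B would drop them if B's
    # own route back to that address is not via A, so switch to loose mode.
    run sysctl -w net.ipv4.conf.all.rp_filter=2
}

# Print the plan for both boxes (DRY_RUN defaults to 1, so nothing is applied).
echo "# box A"
box_a_rules
echo "# box B (only the proxied service's replies go back via A)"
box_b_policy_route
```

Check the result from a client outside A: the connection should complete against A_EXT, and on B the server's access log or `ss -tn` should show the client's address rather than A's. If the handshake stalls, a packet capture on B will usually show SYN-ACKs leaving towards the client over a path that bypasses A.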