Confused about NAT and forwarding

Hello,

I'm a bit confused about how NAT and forwarding works. Here's the situation:

I have a proxy server and a web server behind a firewall/gateway. The
proxy and the web server now have private addresses but they used to
have public addresses. Since I can't make changes to the DNS server, I
added those two old addresses to the firewall's eth0 interface and
then I added the following rules to iptables:

*filter
#http requests
-A FORWARD -i eth0 -o eth1 -p tcp --syn -d 192.168.0.3 --dport 80 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -p tcp --syn -d 192.168.0.3 --dport 443 -j ACCEPT

#Ezproxy
-A FORWARD -i eth0 -o eth1 -p tcp --syn -d 192.168.0.2 --dport 2048 -j ACCEPT
COMMIT

*nat
#forwarding and NAT
-A POSTROUTING -o eth0 -j SNAT --to FIREWALL_IP

#web server
-I PREROUTING -i eth0 -p tcp -d OLD_WEB_IP --dport 80 -j DNAT --to 192.168.0.3:80
-I PREROUTING -i eth0 -p tcp -d OLD_WEB_IP --dport 443 -j DNAT --to 192.168.0.3:443

#Ezproxy
-I PREROUTING -i eth0 -p tcp -d PROXY_IP --dport 2048 -j DNAT --to 192.168.0.2:2048
COMMIT

The proxy server authenticates users by connecting to a database
that's not behind the firewall. I looked at the log files of the
database server and I noticed that the firewall's IP address is the
one that's showing up instead of the address of the proxy server.

I just read the NAT howto from netfilter.org and I guess this line is
responsible for that behavior:
-A POSTROUTING -o eth0 -j SNAT --to FIREWALL_IP

Is it possible to make requests for PROXY_IP go out with the PROXY_IP
address instead of the FIREWALL_IP?
If so, how can I do that? Or where do I find info about what I want to do?

Thanks.
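A corrected nat table for the setup described in the post, added here as an editor's example (it is not from the poster or from the netfilter project). It keeps the placeholders PROXY_IP, OLD_WEB_IP and FIREWALL_IP from the message and assumes the private addresses map as in the DNAT rules above. The point it shows: the nat table stops at the first matching rule, so a source-specific SNAT for the proxy must be listed before the catch-all SNAT to FIREWALL_IP. The web-server line goes one step beyond the question by giving the web server its old public source address in the same way.

```iptables
*nat
# Source-specific SNAT rules come first: POSTROUTING in the nat table
# uses the first rule that matches, so these must precede the catch-all.
# 192.168.0.2 is the proxy (PROXY_IP is its old public address, now on eth0);
# 192.168.0.3 is the web server (OLD_WEB_IP, likewise on eth0).
-A POSTROUTING -s 192.168.0.2 -o eth0 -j SNAT --to-source PROXY_IP
-A POSTROUTING -s 192.168.0.3 -o eth0 -j SNAT --to-source OLD_WEB_IP

# Everything else leaving eth0 still appears as the firewall.
-A POSTROUTING -o eth0 -j SNAT --to-source FIREWALL_IP

# Inbound DNAT, equivalent to the rules in the post (written with -A so the
# file order is the chain order).
-A PREROUTING -i eth0 -p tcp -d OLD_WEB_IP --dport 80 -j DNAT --to-destination 192.168.0.3:80
-A PREROUTING -i eth0 -p tcp -d OLD_WEB_IP --dport 443 -j DNAT --to-destination 192.168.0.3:443
-A PREROUTING -i eth0 -p tcp -d PROXY_IP --dport 2048 -j DNAT --to-destination 192.168.0.2:2048
COMMIT
```

Load it with `iptables-restore` and check the resulting order with `iptables -t nat -L POSTROUTING -n -v --line-numbers`. Two caveats a practitioner should expect: NAT decisions are made on the first packet of a connection and cached in conntrack, so connections the proxy already had open to the database keep showing FIREWALL_IP until they close (`conntrack -L` from conntrack-tools shows the live mappings); and the reverse translation only works because PROXY_IP is configured on the firewall's eth0, so the database's replies arrive at the firewall and conntrack rewrites them back to 192.168.0.2.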

