Jan Engelhardt wrote: >>Why do I need to patch sshd on faketarget? What I'm trying to do is just >>send all the packets to realtarget, essentially untouched (other than the >>destination IP). I don't understand why sshd on faketarget would even be >>involved...? > Then just use DNAT. Right, that's where I started. What I'm trying to figure out is why when I only use DNAT packets don't seem to get forwarded to the new destination. They only show up if I also change the source IP to be the address of the proxy. Is this because the final destination is rejecting the packets, or the proxy server is not actually passing them on? I think I may not properly understand some architectural detail here. I am changing the destination IP in DNAT/PREROUTING. Is there anything else I need to do to make sure the packet is properly passed on to the destination, where the proxy basically "disappears" as a middleman? Adam
Attachment:
signature.asc
Description: OpenPGP digital signature
