Re: Transparent proxy where source IP address remains unchanged -- possible?


 



Interesting. Are there any pre-packaged ways to do this? This sounds like
perhaps the least complex solution, once it's actually implemented.

Pre-packaged solutions?  Um, sure, it's called Linux.  :P  No, I don't know of any "pre-packaged solutions".  What there are is pre-made building blocks that you can put together into your own solution.

That could work. I'm really only worried about DNS, HTTP, HTTPS, SMTP,
POP3, IMAP, and SSH. So I could redirect all those ports to different
ports on faketarget (DNAT), then back to the real ports on realtarget
(using REDIRECT target?).

Can you give me an example (or point me to a URL) of what rules I would
need to run on realtarget to MARK the connections and then decide which
routing table to use?  Are we just talking about iptables commands, or is
there something additional that is required?

This is the command that you would need to run on the fake target to do the up and over part:

# faketarget: send inbound SSH on to the real target's alternate port; DNAT rewrites only the destination, the client source address is untouched
iptables -t nat -A PREROUTING -i $INet -d $FakeTargetIP -p tcp --dport 22 -j DNAT --to-destination $RealTargetIP:2222

This is the corresponding command that you would need to run on the real target to do the down and in part:

# realtarget: tag packets that arrived on the alternate port (i.e. via faketarget) so routing can treat them differently
iptables -t mangle -A PREROUTING -i $INet -d $RealTargetIP -p tcp --dport 2222 -j MARK --set-mark $Mark
# realtarget: hand the alternate port back to the real SSH port locally
iptables -t nat -A PREROUTING -i $INet -d $RealTargetIP -p tcp --dport 2222 -j REDIRECT --to-ports 22

I'm not sure if you want the MARK target or the CONNMARK target as I have not worked with either of them.  But I think you see what I'm trying to accomplish with them.  As far as the rule, a little bit of reading should explain that (I'd have to do the reading myself at this hour).



Grant. . . .
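The following is an added example, not part of Grant's reply or of any netfilter project code, that fills in the pieces the thread leaves open: it generates the complete "up and over" rule set for faketarget and the "down and in" rule set for realtarget, including the CONNMARK and ip-rule steps needed so that replies are routed back through faketarget (which is what lets the DNAT be reversed without ever rewriting the client's source address). It goes beyond the single 22:2222 rule in the thread by covering the other services the poster listed; all interface names, addresses, the mark value, the routing table number, and every port pair other than 22:2222 are assumed placeholder values, and the script only prints the commands unless explicitly told to apply them.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread).  Generates the netfilter
# and policy-routing commands for the faketarget / realtarget scheme.
# All values below are assumptions that must be adjusted for a real setup.
set -eu

INET="${INET:-eth0}"                                # assumed: interface the traffic arrives on
FAKE_TARGET_IP="${FAKE_TARGET_IP:-192.0.2.10}"      # assumed: public address clients connect to
REAL_TARGET_IP="${REAL_TARGET_IP:-198.51.100.20}"   # assumed: address of the real server
FAKE_TARGET_GW="${FAKE_TARGET_GW:-198.51.100.1}"    # assumed: faketarget's address as seen from realtarget
MARK="${MARK:-0x1}"                                 # assumed mark meaning "arrived via faketarget"
RT_TABLE="${RT_TABLE:-100}"                         # assumed policy-routing table number
# real_port:alternate_port pairs; 22:2222 is the pair from the thread,
# the remaining pairs are constructed for illustration.
PORT_MAP="${PORT_MAP:-22:2222 25:2225 53:2253 80:2280 110:2210 143:2243 443:2443}"

# "Up and over" on faketarget: DNAT each public port to the real target's
# alternate port.  Only the destination is rewritten, so the real target still
# sees the client's own source address; that in turn means the replies must
# come back through faketarget for conntrack to undo the DNAT.
faketarget_rules() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    for pair in $PORT_MAP; do
        real=${pair%%:*}; alt=${pair##*:}
        echo "iptables -t nat -A PREROUTING -i $INET -d $FAKE_TARGET_IP -p tcp --dport $real -j DNAT --to-destination $REAL_TARGET_IP:$alt"
    done
    # let the forwarded connections and their replies through FORWARD
    echo "iptables -A FORWARD -i $INET -d $REAL_TARGET_IP -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -s $REAL_TARGET_IP -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# "Down and in" on realtarget.  A MARK set in PREROUTING lives only on that
# one inbound packet; the replies are generated locally and traverse OUTPUT,
# so the mark is stored on the connection with CONNMARK and copied back onto
# every outgoing packet of that connection.  The fwmark rule then routes those
# packets via faketarget instead of the default gateway.
realtarget_rules() {
    for pair in $PORT_MAP; do
        real=${pair%%:*}; alt=${pair##*:}
        echo "iptables -t mangle -A PREROUTING -i $INET -d $REAL_TARGET_IP -p tcp --dport $alt -j CONNMARK --set-mark $MARK"
        echo "iptables -t nat -A PREROUTING -i $INET -d $REAL_TARGET_IP -p tcp --dport $alt -j REDIRECT --to-ports $real"
    done
    echo "iptables -t mangle -A OUTPUT -m connmark --mark $MARK -j CONNMARK --restore-mark"
    echo "ip rule add fwmark $MARK lookup $RT_TABLE"
    echo "ip route add default via $FAKE_TARGET_GW table $RT_TABLE"
}

# Usage: sh rules.sh faketarget|realtarget        -> print the commands for review
#        sh rules.sh faketarget|realtarget apply  -> execute them (root, on that host)
main() {
    case "${1:-}" in
        faketarget) rules=faketarget_rules ;;
        realtarget) rules=realtarget_rules ;;
        *) echo "usage: $0 faketarget|realtarget [apply]" >&2; return 2 ;;
    esac
    if [ "${2:-}" = apply ]; then
        "$rules" | sh -e
    else
        "$rules"
    fi
}

if [ $# -gt 0 ]; then
    main "$@"
fi
```

Review the printed commands before applying them on each host. Two caveats worth checking in a real deployment: DNS also uses UDP, so the port-53 pair needs a second set of DNAT/REDIRECT rules with `-p udp`; and if the fwmark route sends replies out a different interface than the default route would, the reverse-path filter (`rp_filter`) on realtarget may need to be relaxed for that interface.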

