Re: Obtain original address from redirected connection


Pedro Werneck wrote:
> I have a daemon, a sort of proxy, written in Python, which receives
> redirected connections with a rule like this:
> 
> iptables -t nat -A PREROUTING -j DNAT -p TCP -s source --to-destination host:port
> 
> The problem is that I need access to the original destination address,
> but I could not find a way to do that when I wrote the daemon.
[...]
> Is it possible to do this with SO_ORIGINAL_DST, or is there any other
> approach for obtaining the original address?
> 

SO_ORIGINAL_DST works only on local REDIRECT. If you do NAT and run the
proxy on the same machine, use REDIRECT instead. Otherwise you need a
silly side channel for delivering the original address. (Maybe create an IP
tunnel between the NATing machine and the proxy machine and then REDIRECT this
traffic on the proxy machine.)

-- Petr
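
Reading the original destination in a Python daemon for the local REDIRECT case described in the reply above, as an added example that is not part of the original message. The values 0 and 80 are the Linux header constants for SOL_IP and SO_ORIGINAL_DST; the function names and the listening port 8080 are assumptions.

```python
import errno
import socket
import struct

SOL_IP = 0             # IPPROTO_IP option level
SO_ORIGINAL_DST = 80   # from <linux/netfilter_ipv4.h>; not exported by the socket module
SOCKADDR_IN_LEN = 16   # sizeof(struct sockaddr_in)


def parse_sockaddr_in(raw):
    """Decode a struct sockaddr_in into (ip, port)."""
    if len(raw) < SOCKADDR_IN_LEN:
        raise ValueError("short sockaddr_in: %d bytes" % len(raw))
    (family,) = struct.unpack_from("=H", raw, 0)      # sin_family, host byte order
    if family != socket.AF_INET:
        raise ValueError("unexpected address family %d" % family)
    port, addr = struct.unpack_from("!H4s", raw, 2)   # sin_port, sin_addr, network order
    return socket.inet_ntoa(addr), port


def original_dst(conn):
    """Return the (ip, port) the client originally dialled, or None when
    the kernel holds no NAT mapping for this connection."""
    try:
        raw = conn.getsockopt(SOL_IP, SO_ORIGINAL_DST, SOCKADDR_IN_LEN)
    except OSError as exc:
        # ENOENT: no conntrack entry; ENOPROTOOPT: conntrack not loaded.
        if exc.errno in (errno.ENOENT, errno.ENOPROTOOPT):
            return None
        raise
    return parse_sockaddr_in(raw)


def serve(listen_port=8080):   # assumed port; point the REDIRECT rule at it
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("0.0.0.0", listen_port))
    srv.listen(16)
    while True:
        conn, peer = srv.accept()
        dst = original_dst(conn)
        print(peer, "->", dst if dst else "(not redirected)")
        conn.close()


if __name__ == "__main__":
    serve()
```

A `None` result means the connection reached the daemon without a local redirect, so the proxy should refuse it rather than guess a destination from client-supplied data.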


