Hello,
Andrus, Mr. Brian (Contractor) wrote:
> I have a system with a single NIC and IP address a.b.c.1 (system A)
> I want to proxy incoming requests to port 80 to a different system on a
> different subnet of x.y.z.1 (system B)
> On system a.b.c.1, I am trying the following in my
> /etc/sysconfig/iptables:
> -----------
> *nat
> -A PREROUTING -p tcp --dport 80 -j DNAT --to x.y.z.1:80
> COMMIT
> -----------
> This seems to ALMOST work. The requests from a client system (System C)
> go to System A, get rewritten and are received by system B. System B
> seems to be responding, trying to send to System C directly, but (I
> think) System C is expecting its response to be from system A, not
> System B, so it ignores the responses.

As usual. Known issue.
If you cannot or do not wish to prevent direct routing between the
client and the server, you must SNAT the forwarded connections in the
POSTROUTING chain.
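
A lint for the situation discussed in this thread, as an added example that is not part of either message: it reads an iptables-save style ruleset and reports DNAT targets that have no SNAT or MASQUERADE rule in POSTROUTING. The function name, the addresses 192.0.2.1 (standing in for System A) and 198.51.100.1 (System B) and both sample rulesets are constructed for illustration; the check is simplified and only matches on `-d`.

```shell
#!/bin/sh
# Reads a ruleset on stdin and prints each DNAT target that lacks return-path
# NAT. Exit status 0 = every DNAT target is covered, 1 = at least one is not.
check_dnat_return_path() {
    awk '
    # Return the argument that follows option "opt" on the current rule line.
    function optval(opt,    i) {
        for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
        return ""
    }
    $1 == "-A" && $2 == "PREROUTING" && optval("-j") == "DNAT" {
        t = optval("--to-destination"); if (t == "") t = optval("--to")
        sub(/:.*/, "", t)                 # drop the :port suffix
        dnat[t] = 1
    }
    $1 == "-A" && $2 == "POSTROUTING" {
        j = optval("-j")
        if (j == "SNAT" || j == "MASQUERADE") {
            d = optval("-d"); sub(/\/32$/, "", d)
            # A rule without -d is assumed to cover every forwarded target.
            if (d == "") any = 1; else covered[d] = 1
        }
    }
    END {
        for (t in dnat) if (!any && !(t in covered)) {
            print "no return-path NAT for " t; bad = 1
        }
        exit bad + 0
    }'
}

# Constructed sample: DNAT only, the shape of the ruleset in the question.
BROKEN='*nat
-A PREROUTING -p tcp --dport 80 -j DNAT --to 198.51.100.1:80
COMMIT'

# Constructed sample: the same DNAT plus SNAT in POSTROUTING, as the reply advises.
FIXED='*nat
-A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 198.51.100.1:80
-A POSTROUTING -d 198.51.100.1 -p tcp --dport 80 -j SNAT --to-source 192.0.2.1
COMMIT'

printf '%s\n' "$BROKEN" | check_dnat_return_path || echo "BROKEN: replies bypass System A"
printf '%s\n' "$FIXED"  | check_dnat_return_path && echo "FIXED: replies return via System A"
```

With SNAT in place, System B sees every forwarded connection as coming from System A, so its access logs and any address-based rules no longer see the real client address.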