On Feb 9 2007 12:27, Pascal Hambourg wrote:
>> -----------
>> *nat
>> -A PREROUTING -p tcp --dport 80 -j DNAT --to x.y.z:80
>> COMMIT
>> -----------
>>
>> This seems to ALMOST work. The requests from a client system (System C)
>> go to System A, get rewritten and are received by system B. System B
>> seems to be responding, trying to send to System C directly, but (I
>> think) System C is expecting its response to be from system A, not
>> System B, so it ignores the responses.
>
> As usual. Known issue.
> If you cannot or do not wish to prevent direct routing between the client and
> the server, you must SNAT the forwarded connections in the POSTROUTING chain.

Or make it so that any packets from C pass B. For example, by setting up
your proxy box as a router or bridge (both approaches work) in the middle.

Jan
--
ft: http://freshmeat.net/p/chaostables/
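
An added example, not part of the thread: a small Python model of the address rewriting discussed above, showing why the client drops the server's direct reply with DNAT alone, and why SNAT in POSTROUTING or routing the replies back through the NAT box fixes it. The addresses, ports and the names `NatBox` and `simulate` are constructed for illustration.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

    def reply_tuple(self):
        """Addresses a reply to this packet would carry."""
        return Packet(self.dst, self.dport, self.src, self.sport)

# Constructed documentation addresses (assumptions, not from the thread).
CLIENT_C, PROXY_A, SERVER_B = "192.0.2.10", "198.51.100.1", "203.0.113.5"

class NatBox:
    """System A: DNAT in PREROUTING, optional SNAT in POSTROUTING, plus a
    conntrack-like table so replies passing back through A are un-NATed."""
    def __init__(self, addr, dnat_to, snat):
        self.addr, self.dnat_to, self.snat = addr, dnat_to, snat
        self.conntrack = {}  # reply as it arrives at A -> reply as C expects it

    def forward(self, pkt):
        out = pkt._replace(dst=self.dnat_to)       # -j DNAT --to <B>:80
        if self.snat:
            out = out._replace(src=self.addr)      # -j SNAT --to-source <A>
        self.conntrack[out.reply_tuple()] = pkt.reply_tuple()
        return out

    def reverse(self, reply):
        return self.conntrack.get(reply)           # None: unknown connection

def simulate(snat, direct_route=True):
    """Return True if C accepts B's reply. direct_route=False models A
    sitting in the path as a router or bridge, so B's replies cross A."""
    a = NatBox(PROXY_A, SERVER_B, snat)
    syn = Packet(CLIENT_C, 40000, PROXY_A, 80)     # C connects to A:80
    reply = a.forward(syn).reply_tuple()           # B answers whoever it saw
    via_a = reply.dst == PROXY_A or not direct_route
    delivered = a.reverse(reply) if via_a else reply
    # C's TCP stack only accepts the exact reverse of what it sent (from A:80).
    return delivered == syn.reply_tuple()

if __name__ == "__main__":
    print("DNAT only, B routes directly to C:", simulate(snat=False))
    print("DNAT + SNAT in POSTROUTING:       ", simulate(snat=True))
    print("DNAT only, A is router/bridge:    ", simulate(False, direct_route=False))
```

With SNAT, System B sees every connection as coming from System A, so its logs no longer show the real client address.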