Jan Engelhardt wrote:
> On Feb 9 2007 12:27, Pascal Hambourg wrote:
>> -----------
>> *nat
>> -A PREROUTING -p tcp --dport 80 -j DNAT --to x.y.z:80
>> COMMIT
>> -----------
>> If you cannot or do not wish to prevent direct routing between the client and
>> the server, you must SNAT the forwarded connections in the POSTROUTING chain.
>
> Or make it so that any packets from C pass B.

This is what I meant when I wrote "prevent direct routing between the
client and the server".

> For example, by setting up
> your proxy box as a router or bridge (both approaches work) in the middle.

I may be wrong, but doing IP NAT on a bridge seems to me quite
unnatural and troublesome.
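
The routing problem discussed in this thread, as an added example that is not part of the original messages: a small Python model of client C, NAT box B and server S, showing why a DNAT-only rule fails when S can answer C directly and why SNAT in POSTROUTING fixes it. The addresses, the source port and the names `NatBox` and `connect` are constructed for illustration, and the model assumes all three hosts sit on one subnet.

```python
# Constructed addresses (RFC 5737 documentation range); C, B and S share one subnet.
C, B, S = "192.0.2.10", "192.0.2.1", "192.0.2.20"

class NatBox:
    """Box B: DNAT in PREROUTING, optional SNAT in POSTROUTING, plus conntrack."""
    def __init__(self, addr, server, snat):
        self.addr, self.server, self.snat = addr, server, snat
        self.conntrack = {}  # translated reply tuple -> reply tuple as C must see it

    def forward(self, pkt):
        src, sport, dst, dport = pkt
        new_dst = self.server                      # PREROUTING: DNAT to the server
        new_src = self.addr if self.snat else src  # POSTROUTING: SNAT to B (optional)
        # Record the reply we expect from S and how to undo both translations.
        self.conntrack[(new_dst, dport, new_src, sport)] = (dst, dport, src, sport)
        return (new_src, sport, new_dst, dport)

    def reverse(self, reply):
        """Un-NAT a reply that matches a tracked connection."""
        return self.conntrack[reply]

def connect(snat):
    """Simulate C opening a TCP connection to B:80 and report what C gets back."""
    box = NatBox(B, S, snat)
    syn = (C, 40000, B, 80)
    expected = (B, 80, C, 40000)        # the only SYN-ACK C's TCP stack will accept
    at_server = box.forward(syn)
    # S answers the source address it saw on the incoming packet.
    reply = (at_server[2], at_server[3], at_server[0], at_server[1])
    if reply[2] == B:
        # Reply is addressed to B, so it traverses B and conntrack restores B:80.
        reply, path = box.reverse(reply), "S -> B -> C"
    else:
        # Reply is addressed to C on the same subnet: delivered directly, B never
        # sees it, and the source stays S:80.
        path = "S -> C"
    return {"path": path, "seen_by_client": reply, "accepted": reply == expected}

if __name__ == "__main__":
    for snat in (False, True):
        print("SNAT" if snat else "DNAT only", connect(snat))
```
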