On 06/09/10 16:16, Curby wrote:
> I think the problem is that a single DNAT rule would cause the
> request to go through to the internal proxy, but the proxy would send
> a reply back to the client, which rejects it because it's expecting a
> reply from the router box.
I agree.
If you want to do the redirection this way, you have to SNAT the traffic
from the router to the proxy so that the proxy will reply to the router.
Then when the router receives the reply from the proxy, it will pass
the reply on to the original client.
I have done this before and it works quite well.
Now, I do ask the question, is it not possible to have your clients
communicate directly with the proxy?
I ask because what you want to do can be done and does work, but it
causes all the traffic between clients and the proxy to pass through the
router, thus making your router's NIC & CPU be a potential bottleneck
that can (fairly easily) be avoided.
Grant. . . .
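
The address rewriting discussed in this message can be traced with a small model. This is an added example, not part of the original post: the addresses are constructed, and the `Router` class is a hypothetical stand-in for the router's connection tracking, not netfilter code.

```python
from dataclasses import dataclass

# Constructed addresses for illustration; all three hosts sit on one LAN.
CLIENT, ROUTER, PROXY = "192.168.1.50", "192.168.1.1", "192.168.1.10"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

class Router:
    """Minimal model of the router's NAT with a connection-tracking table."""
    def __init__(self, snat):
        self.snat = snat
        self.conntrack = {}  # translated (src, dst) -> original (src, dst)

    def forward(self, pkt):
        # DNAT: rewrite the destination to the internal proxy.
        out = Packet(pkt.src, PROXY)
        # SNAT: optionally rewrite the source to the router itself.
        if self.snat:
            out = Packet(ROUTER, out.dst)
        self.conntrack[(out.src, out.dst)] = (pkt.src, pkt.dst)
        return out

    def reverse(self, reply):
        # A reply matches the tracked entry with src and dst swapped.
        orig_src, orig_dst = self.conntrack[(reply.dst, reply.src)]
        return Packet(orig_dst, orig_src)

def round_trip(snat):
    """Return (packet the client finally receives, whether it accepts it)."""
    router = Router(snat)
    request = Packet(CLIENT, ROUTER)            # client talks to the router
    at_proxy = router.forward(request)
    reply = Packet(at_proxy.dst, at_proxy.src)  # proxy answers whoever it saw
    if reply.dst == ROUTER:
        # Reply returns to the router, which undoes both translations.
        reply = router.reverse(reply)
    # Otherwise the proxy delivers straight to the client on the LAN,
    # bypassing the router, so nothing restores the original addresses.
    accepted = (reply.src, reply.dst) == (request.dst, request.src)
    return reply, accepted

if __name__ == "__main__":
    for snat in (False, True):
        print("SNAT" if snat else "DNAT only", round_trip(snat))
```

With DNAT only, the client receives a packet sourced from the proxy and drops it; with SNAT added, the reply passes back through the router and arrives sourced from the router.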