RE: using PREROUTING to change destination


 



Maybe a better word for most people would be "final destination", and not "real".
(But "real" is actually the "real" destination for THAT rule, where clients will be sent,
 not the actual target the client originally tried to reach and "thinks" it is still reaching.)

For the termination I would say yes, because "you" decide where it terminates, so if you are asking I will
assume you are using an out-of-the-box PROXY, which would typically make new connections in the "backend" from its own source IP.


Best regards
André Paulsberg-Csibi
Senior Network Engineer 
Fault Handling
IBM Services AS
andre.paulsberg-csibi@xxxxxxxx
M +47 9070 5988



-----Original Message-----
From: netfilter-owner@xxxxxxxxxxxxxxx [mailto:netfilter-owner@xxxxxxxxxxxxxxx] On Behalf Of Ran Shalit
Sent: 14. mars 2017 09:57
To: netfilter@xxxxxxxxxxxxxxx
Subject: Q: using PREROUTING to change destination

Hello,

I am trying to understand how to use rules with PREROUTING and
transparent proxy.

In documentation it is said:

"6.2 Destination NAT

This is done in the PREROUTING chain, just as the packet comes in;
this means that anything else on the Linux box itself (routing, packet
filtering) will see the packet going to its `real' destination. It
also means that the `-i' (incoming interface) option can be used."

What does `real' destination mean here? Does it mean that the packet
is transferred to the new destination according to the rule given for
PREROUTING?
For example, in the case of a transparent proxy:

iptables -t nat -A PREROUTING -p tcp -s 192.168.201.0/24 --dport 80 -j DNAT --to 192.168.201.250:3128

Does it mean that the transparent proxy will be the end destination of
the packet ?

I am new with iptables.

Thank you,
Ran
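
The exchange above, modelled as an added example that is not part of either message and is not netfilter code: a small Python model of what the posted rule does to a packet in PREROUTING and what conntrack remembers for the return path. The packets (client 192.168.201.17, web server 203.0.113.10, outside host 10.0.0.5) are constructed, and the model assumes replies pass back through the NAT box; it also checks whether the proxy's own address falls inside the rule's -s range.

```python
import ipaddress
import shlex

# Rule exactly as posted in the question, joined onto one line.
RULE = ("iptables -t nat -A PREROUTING -p tcp -s 192.168.201.0/24 "
        "--dport 80 -j DNAT --to 192.168.201.250:3128")

def parse_rule(text):
    """Extract the options this one rule uses (not a general iptables parser)."""
    tok = shlex.split(text)
    opt = {tok[i]: tok[i + 1] for i in range(1, len(tok) - 1) if tok[i].startswith("-")}
    ip, port = opt["--to"].rsplit(":", 1)
    return {"proto": opt["-p"], "src": ipaddress.ip_network(opt["-s"]),
            "dport": int(opt["--dport"]), "to": (ip, int(port))}

def prerouting(rule, pkt):
    """Return (packet as routing and filtering see it, conntrack entry or None)."""
    hit = (pkt["proto"] == rule["proto"]
           and ipaddress.ip_address(pkt["src"]) in rule["src"]
           and pkt["dport"] == rule["dport"])
    if not hit:
        return pkt, None
    new = dict(pkt, dst=rule["to"][0], dport=rule["to"][1])
    # Tuples are (src, sport, dst, dport). conntrack stores both directions,
    # so later packets of the flow are translated without consulting the rule.
    ct = {"original": (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"]),
          "reply": (new["dst"], new["dport"], pkt["src"], pkt["sport"])}
    return new, ct

def reply_seen_by_client(ct):
    """Reverse NAT: the reply's source is restored to the address the client dialled."""
    src, sport, dst, dport = ct["original"]
    return {"src": dst, "sport": dport, "dst": src, "dport": sport}

def demo():
    rule = parse_rule(RULE)
    # Constructed sample packets, not captured traffic.
    client = {"proto": "tcp", "src": "192.168.201.17", "sport": 40312,
              "dst": "203.0.113.10", "dport": 80}
    routed, ct = prerouting(rule, client)
    # The proxy (192.168.201.250) is itself inside -s 192.168.201.0/24, so its
    # own port-80 requests match too if they traverse this box's PREROUTING.
    _, proxy_ct = prerouting(rule, dict(client, src="192.168.201.250", sport=51000))
    _, outside_ct = prerouting(rule, dict(client, src="10.0.0.5"))
    return {"client_routed": routed, "client_reply": reply_seen_by_client(ct),
            "proxy_ct": proxy_ct, "outside_ct": outside_ct}

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

On a live system the same pair of tuples can be inspected with `conntrack -L`.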



