* Siraj 'Sid' Rakhada (sid@mindless.co.uk) [021114 08:08]:
> I connect to port 443 on my firewall, and that then forwards the
> connection onto another host:port, at the same time rewriting the
> headers, and doing connection tracking (a form of NAT...).
>
> As far as the host that actually deals with the data, it only sees my
> firewall connecting to it. Not the host that connects to port 443 on
> the firewall.

I don't believe this. Well, I should qualify that: I don't believe that the single DNAT rule you gave would cause this effect. You must also have some SNAT going on as well, or your firewall shouldn't be rewriting the source address.

Maybe your upstream is doing some kind of rewriting to keep you from sending out spoofed packets, so it changes the source to your address?

good times,
Vineet

--
http://www.doorstop.net/ -- http://www.debian.org/
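The distinction Vineet draws (a PREROUTING DNAT rule rewrites only the destination; the backend keeps seeing the real client address unless a POSTROUTING SNAT rule also rewrites the source) can be checked with a small model of the netfilter NAT traversal. The following is an added example, not code from the thread and not a wrapper around iptables: it models a PREROUTING DNAT step, an optional POSTROUTING SNAT step, and a conntrack table that reverses the mapping on the reply. All addresses are constructed from RFC 5737 documentation ranges and private space; `Firewall`, `NatRule` and `Packet` are hypothetical names for the model.

```python
"""Toy model of netfilter DNAT/SNAT traversal with connection tracking.

Constructed example. It simplifies iptables semantics: a packet entering the
firewall hits PREROUTING (DNAT) first, is routed, then hits POSTROUTING
(SNAT). Conntrack remembers the original and translated tuples so a reply
from the backend can be mapped back to the client. It is not the real tool.
"""
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Tuple

# Constructed addresses (RFC 5737 documentation ranges / RFC 1918 private space)
CLIENT = "198.51.100.7"        # the host connecting to port 443 on the firewall
FIREWALL_WAN = "203.0.113.1"   # the firewall's public (outside) address
FIREWALL_LAN = "192.168.1.1"   # the firewall's inside address
BACKEND = "192.168.1.10"       # the host that actually serves the connection


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class NatRule:
    chain: str                       # "PREROUTING" (DNAT) or "POSTROUTING" (SNAT)
    to_addr: str                     # address to rewrite to
    to_port: Optional[int] = None    # port to rewrite to (None keeps the port)
    match_dst: Optional[str] = None  # optional destination-address match
    match_dport: Optional[int] = None


class Firewall:
    def __init__(self, rules: List[NatRule]) -> None:
        self.rules = rules
        # conntrack: original inbound tuple -> tuple as seen after translation
        self.conntrack: Dict[Packet, Packet] = {}

    @staticmethod
    def _matches(rule: NatRule, pkt: Packet) -> bool:
        if rule.match_dst is not None and pkt.dst != rule.match_dst:
            return False
        if rule.match_dport is not None and pkt.dport != rule.match_dport:
            return False
        return True

    def forward(self, pkt: Packet) -> Packet:
        """Apply the first matching PREROUTING (DNAT) rule, then the first matching
        POSTROUTING (SNAT) rule, record the mapping, and return what the backend sees."""
        original = pkt
        for rule in self.rules:
            if rule.chain == "PREROUTING" and self._matches(rule, pkt):
                pkt = replace(pkt, dst=rule.to_addr, dport=rule.to_port or pkt.dport)
                break
        for rule in self.rules:
            if rule.chain == "POSTROUTING" and self._matches(rule, pkt):
                pkt = replace(pkt, src=rule.to_addr, sport=rule.to_port or pkt.sport)
                break
        self.conntrack[original] = pkt
        return pkt

    def reply(self, pkt: Packet) -> Packet:
        """Map a reply from the backend back onto the original flow using conntrack.
        The model assumes the backend routes its reply through the firewall."""
        for original, translated in self.conntrack.items():
            reverse_of_translated = (translated.dst, translated.dport,
                                     translated.src, translated.sport)
            if (pkt.src, pkt.sport, pkt.dst, pkt.dport) == reverse_of_translated:
                return Packet(src=original.dst, sport=original.dport,
                              dst=original.src, dport=original.sport)
        raise LookupError("no conntrack entry matches this reply")


def round_trip(with_snat: bool) -> Tuple[str, str]:
    """Return (source address the backend sees, source address the client sees on
    the reply) for a DNAT-only ruleset, or DNAT plus SNAT when with_snat is True."""
    rules = [NatRule("PREROUTING", to_addr=BACKEND, to_port=8443,
                     match_dst=FIREWALL_WAN, match_dport=443)]
    if with_snat:
        # SNAT traffic headed to the backend so it appears to come from the firewall
        rules.append(NatRule("POSTROUTING", to_addr=FIREWALL_LAN, match_dst=BACKEND))
    fw = Firewall(rules)
    seen_by_backend = fw.forward(Packet(CLIENT, 40000, FIREWALL_WAN, 443))
    backend_reply = Packet(seen_by_backend.dst, seen_by_backend.dport,
                           seen_by_backend.src, seen_by_backend.sport)
    seen_by_client = fw.reply(backend_reply)
    return seen_by_backend.src, seen_by_client.src


if __name__ == "__main__":
    print("DNAT only      :", round_trip(False))
    print("DNAT + SNAT    :", round_trip(True))
```

With DNAT alone the backend's view of the connection keeps the client's real source address, which is the behaviour Vineet expects from the single rule; only when the POSTROUTING SNAT rule is added does the backend see the firewall as the peer. The practical consequence for anyone reading the backend's logs is that DNAT-only setups preserve the client address for audit purposes, while SNAT hides it behind the firewall unless the firewall itself logs the mapping.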