[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: rewriting source and destination of local packets

On Thu, 2005-03-24 at 11:26 +0100, martin f krafft wrote:
> Maybe this is clear:
>   (nat table)
>   -A OUTPUT -o world -p tcp --dport 80 -j redirect-local-squid
>   -A redirect-local-squid -m owner --gid-owner 13 -j ACCEPT
>   -A redirect-local-squid -p tcp -j REDIRECT --to-port 3128
> This works. Problem is that the packets arriving at 3128 have the
> dynamic external IP as source, when they should have
Is there a problem with that? When a program under linux tries to
contact an address that's used by one of the machine's interfaces, the
traffic is sent localy and never goes to that interface. Using SNAT
would probably break the http client because it would send using the
world ip and therefore wouldn't be listening on for the reply
from squid.

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: