>
> Here is my scenario.
>
> Firewall running linux, redirects to an internal FreeBSD machine that is
> running squid.
>
>
> iptables -t nat -A PREROUTING -i ethx -s ! squid-box -p tcp --dport 80 -j
> DNAT --to squid-box:3128
>
> iptables -t nat -A POSTROUTING -o ethx -s local-network -d squid-box -j SNAT
> --to iptables-box
>
> iptables -A FORWARD -s local-network -d squid-box -i ethx -o ethx -p tcp
> --dport 3128 -j ACCEPT
>
>
> The above rules are working fine, except for the fact the logs indicate the
> IP address of my internal firewall NIC.
>
> Is there any hope of preserving the real client IP via an iptables rule?
> Any help would be appreciated. Thank you.
What you must do is to have the packets redirected to the proxy server box
without using NAT.
You can use MARK and policy routing for this purpose.
Regards
Henrik
Received on Sun Mar 07 2004 - 19:43:14 MST
This archive was generated by hypermail pre-2.1.9 : Thu Apr 01 2004 - 12:00:01 MST