[tproxy] failure to apply snat mapping?
Wed, 21 Apr 2004 19:35:37 +0200

Let's say that I have an app that connects to IP address 126.96.36.199, and uses
tproxy to fake the source address as 188.8.131.52. Bind the socket, then call
into tproxy, and then connect() and ta da -- everything works as expected.

Now I decide that that app should not connect to 184.108.40.206, but instead to
220.127.116.11. I don't want to modify the source and restart it, so I add a nat
rule in the iptables nat/OUTPUT chain to DNAT the address to 18.104.22.168.

The app now (unknowingly) connects to 22.214.171.124, that works fine. But.. the
source address used for the connection is now the source address of the box
and not anymore 126.96.36.199? :((

Is this a case of "Don't do that, then!!"?

I'm using "tproxy-2.4.22-1.1.3.diff" patched into a Red Hat 2.4.20 kernel
(2.4.20-20.9 to be exact) on a uniproc P4 2.4GHz, 1G RAM.