linux
Risin0, 2016-01-13 10:38:43

How to redirect traffic along with client ip?

Hello.
It was necessary to temporarily redirect traffic from a port on one machine to another machine. With iptables this is simple:
iptables -t nat -A PREROUTING -p 11111 --dport port -j DNAT --to-destination 1.2.3.4:11111
iptables -t nat -A POSTROUTING -j MASQUERADE
Everything works, but there is one BUT (quite logical): the machine that receives the redirected traffic sees the IP of the machine doing the redirection, not the IP of the client.
The IP being redirected to is not on the same network!
Is it possible to redirect traffic while keeping the client's original IP, and if so, how?


3 answer(s)
Mystray, 2016-01-13
@Mystray

This rule:
iptables -t nat -A POSTROUTING -j MASQUERADE
replaces the source IP address of all outgoing packets with the IP of this machine. Remove this rule (or limit its scope) and the address will not be substituted.
But you need to make sure that the return traffic also goes through the same machine that rewrites the addresses, at least for protocols with two-way data exchange. Without that, everything will break.
If it is syslog or another "one-way" UDP protocol, then it will be fine.
Or, if possible, use a proxy and L7 protocol tools like the X-Forwarded-For header.
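
A check for the unscoped MASQUERADE rule discussed in the answer above, as an added example that is not part of the original thread: it reads `iptables-save -t nat` output and lists POSTROUTING source-NAT rules that have no address or match-module restriction. The function names, the sample ruleset and the heuristic (a rule without `-s`, `-d` or `-m` is treated as rewriting every forwarded client's address) are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Heuristic (assumption): a POSTROUTING MASQUERADE/SNAT rule with no -s, -d
# or -m match rewrites the source of every forwarded packet, so the DNAT
# target logs the forwarder's IP instead of the client's. "-o <iface>" alone
# is not counted as scope, because forwarded client packets leave that way too.
unscoped_snat_rules() {
    awk '
    $1 == "-A" && $2 == "POSTROUTING" {
        target = ""; scoped = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-j" && i < NF) target = $(i + 1)
            if ($i == "-s" || $i == "-d" || $i == "-m") scoped = 1
        }
        if ((target == "MASQUERADE" || target == "SNAT") && !scoped) print
    }'
}

# Constructed sample in iptables-save format (addresses are placeholders).
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 11111 -j DNAT --to-destination 1.2.3.4:11111
-A POSTROUTING -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
COMMIT
EOF
}

# Prints the two rules that would hide the client address.
sample_ruleset | unscoped_snat_rules
```

On a live host the same function can be fed with `iptables-save -t nat | unscoped_snat_rules` (root required).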

Vladimir Io, 2016-01-13
@vawsan

If I'm not mistaken, you're doing a forwarding, not a redirect. For a redirect, there is a REDIRECT command for the local network.
Your situation is described here - www.debuntu.org/how-to-redirecting-network-traffic...

Dmitry Chervonobab, 2016-01-13
@maddimons

You need traffic mirroring.
You need to use --tee. More on Habré:
m.habrahabr.ru/post/55256
