How to forward ports with -j MASQUERADE while preserving real IP addresses?

Good day! Please help me set up a reverse/transparent proxy server.

I need to forward a specific port (999) from one server (1.1.1.1) to another server (2.2.2.2) while keeping the real IP address of the client. I'm pretty sure that this is not possible with a rule in iptables, but I am still using these rules:

iptables -t nat -A PREROUTING -i venet0 -p tcp --dport 999 -j DNAT --to 2.2.2.2:999

iptables -t nat -A POSTROUTING -j MASQUERADE

These servers are not on a LAN, and both addresses, 1.1.1.1 and 2.2.2.2, are reachable from the Internet. That is, requests coming from a client, for example 188.1.1.1, to the server 1.1.1.1:999 are successfully routed to 2.2.2.2:999, and all was well until it became necessary to determine the real client IP address: after the MASQUERADE, requests to 2.2.2.2 come from the address 1.1.1.1 instead of 188.1.1.1.

I tried to study the issue using TPROXY in the mangle table, but unfortunately could not understand it. Please help me find a solution for a reverse proxy where it will be possible to pass on the real address of the client.

1 Answer

haproxy + send-proxy + support for the PROXY protocol on the server it is forwarding to, for example.
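What the receiving side of that setup has to do, as an added example that is not part of the original answer: haproxy's `send-proxy` server option prepends a PROXY protocol v1 line to each forwarded connection, and the service on 2.2.2.2 parses it to recover the client address. The function names, the trusted-proxy set and the sample bytes are assumptions constructed for illustration.

```python
import ipaddress

TRUSTED_PROXIES = {"1.1.1.1"}   # assumption: the forwarding server from the question
MAX_V1_HEADER = 107             # PROXY protocol v1 length limit, CRLF included

# Constructed sample: what 2.2.2.2 would read first on a forwarded connection.
SAMPLE = b"PROXY TCP4 188.1.1.1 1.1.1.1 51234 999\r\nHELLO"


def parse_proxy_v1(data: bytes):
    """Return ((src_ip, src_port) or None, bytes_consumed) for a v1 header.

    The source is None for 'PROXY UNKNOWN'. Raises ValueError if malformed.
    """
    end = data.find(b"\r\n", 0, MAX_V1_HEADER)
    if end == -1:
        raise ValueError("no CRLF within the first 107 bytes")
    fields = data[:end].decode("ascii", "strict").split(" ")
    if fields[0] != "PROXY" or len(fields) < 2:
        raise ValueError("not a PROXY v1 header")
    if fields[1] == "UNKNOWN":
        return None, end + 2
    if fields[1] not in ("TCP4", "TCP6") or len(fields) != 6:
        raise ValueError("bad protocol or field count")
    version = 4 if fields[1] == "TCP4" else 6
    src = ipaddress.ip_address(fields[2])
    dst = ipaddress.ip_address(fields[3])
    if src.version != version or dst.version != version:
        raise ValueError("address family mismatch")
    if not (fields[4].isdigit() and fields[5].isdigit()):
        raise ValueError("non-numeric port")
    sport, dport = int(fields[4]), int(fields[5])
    if sport > 65535 or dport > 65535:
        raise ValueError("port out of range")
    return (str(src), sport), end + 2


def real_client(peer_ip: str, first_bytes: bytes):
    """Return (client_ip_to_log, remaining_payload) for a new connection."""
    if peer_ip not in TRUSTED_PROXIES:
        # Not from the forwarder: any PROXY line is unverified client input,
        # so the socket peer address is the only address that can be trusted.
        return peer_ip, first_bytes
    src, used = parse_proxy_v1(first_bytes)
    return (src[0] if src else peer_ip), first_bytes[used:]
```

Since 2.2.2.2 is reachable from the Internet, the header is only meaningful when the TCP peer is the forwarder; restricting port 999 on 2.2.2.2 to connections from 1.1.1.1 closes the remaining gap.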