How to forward ports with -j MASQUERADE while preserving real IP addresses?

Good day! Please help me set up a reverse/transparent proxy server.

A specific port (999) needs to be forwarded from one server ( to another server ( while keeping the real IP address of the client. I'm pretty sure that is not possible with an iptables rule, but I still use the rules:

iptables -t nat -A PREROUTING -i venet0 -p tcp --dport 999 -j DNAT --to


These servers are not on a LAN, and both addresses and are available from the Internet, i.e. requests coming in, for example, from the client to the server are successfully routed to, and all was well until it became necessary to determine the real client IP address, because requests to after the MASQUERADE come from the address

I tried to study the approach with TPROXY in mangle, but unfortunately could not understand it. Please help me find a solution for a reverse proxy where it will be possible to pass on the real address of the client.

1 Answer

haproxy + send-proxy + PROXY protocol support on the server it forwards to, for example.
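
What the receiving side of the answer above has to do, as an added example that is not part of the original answer: with `send-proxy` on its server line, haproxy prepends a PROXY protocol v1 text line carrying the real client address, and the backend must parse it and accept it only from the proxy's own address, since otherwise any client could forge its source IP. The trusted proxy address, the function name and the sample bytes are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the address haproxy connects from (documentation-range placeholder).
TRUSTED_PROXIES = {ipaddress.ip_address("192.0.2.10")}
MAX_V1_HEADER = 107                 # v1 header limit, including the trailing CRLF
FAMILIES = {"TCP4": 4, "TCP6": 6}   # protocol token -> expected IP version


def parse_proxy_v1(data: bytes, peer_ip: str):
    """Return ((client_ip, client_port) or None, remaining_payload).

    Raises ValueError when the TCP peer is not a trusted proxy or the
    header is malformed; the caller should then close the connection.
    """
    # A PROXY header is only meaningful when the trusted proxy sent it.
    if ipaddress.ip_address(peer_ip) not in TRUSTED_PROXIES:
        raise ValueError("PROXY header from untrusted peer")
    # The whole line, CRLF included, must fit in the first 107 bytes.
    end = data.find(b"\r\n", 0, MAX_V1_HEADER)
    if end == -1:
        raise ValueError("no complete PROXY v1 header")
    fields = data[:end].decode("ascii").split(" ")
    payload = data[end + 2:]
    # "PROXY UNKNOWN": the proxy could not state the client address.
    if fields[:2] == ["PROXY", "UNKNOWN"]:
        return None, payload
    if len(fields) != 6 or fields[0] != "PROXY" or fields[1] not in FAMILIES:
        raise ValueError("malformed PROXY v1 header")
    src = ipaddress.ip_address(fields[2])   # raises ValueError on bad input
    dst = ipaddress.ip_address(fields[3])
    if src.version != FAMILIES[fields[1]] or dst.version != src.version:
        raise ValueError("address family mismatch")
    if not (fields[4].isdigit() and fields[5].isdigit()):
        raise ValueError("non-numeric port")
    sport, dport = int(fields[4]), int(fields[5])
    if sport > 65535 or dport > 65535:
        raise ValueError("port out of range")
    return (str(src), sport), payload


if __name__ == "__main__":
    # Constructed sample: first bytes of a proxied connection to port 999.
    sample = b"PROXY TCP4 203.0.113.7 192.0.2.20 51234 999\r\nhello"
    print(parse_proxy_v1(sample, "192.0.2.10"))
```

The backend port should also be firewalled so that only the proxy can reach it; the allow-list in the code is a second layer, not a substitute.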