NAT and Routing question

Emre Bastuz info at emre.de
Thu Apr 15 05:45:50 PDT 2004


Hi,

It seems I'm stuck here due to a NAT/Routing issue.

For building a forced proxy I am trying to do the following:

PC -> [Interface A -> redirect to 127.0.0.1, port 80 -> Interface B (default
gateway)] -> PC

1. User on PC opens browser to connect to an arbitrary site
2. the request enters the proxy machine on interface "A"
3. an ipf/ipnat redirection rule "rdr InterfaceA 0/0 port 80 -> 127.0.0.1/32
port 80 tcp" does the redirection
4. the local Apache picks the appropriate page
5. the translation/redirection from 3 is being reversed
6. the answer is sent out on interface "B" with the original source address and
   the original destination address but with the payload from the proxy

Everything works up to point 4 - but the answer never reaches the requesting
PC. It seems that the NAT cannot be reverted when the answers are being sent
out on a different interface than they arrived on. Seems the state is not only
being kept in terms of source ip:source port/destination ip:destination port
but also interface-wise.

Might this be the reason?

If I enter a host route to send the answer to the request out to InterfaceA
instead of InterfaceB, everything works. The point is, I do not want to enter
routes back to the "PCs" as this would be time-consuming. I'd prefer having
everything sent out on the default gateway.

Any help/hint will be appreciated.

TIA,

Emre

--
I don't see why some people even HAVE cars. -- Calvin

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
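
A toy model of the hypothesis raised in the message above, added here as an illustration; it is not code from the post and not IPFilter's implementation. It compares a redirect table whose entries are bound to the arrival interface with one keyed on addresses and ports only, and shows which source address the reply carries when it leaves on interface A or B. All class and function names and the addresses are constructed assumptions.

```python
from typing import NamedTuple, Optional, Tuple

Endpoint = Tuple[str, int]          # (ip, port)

class Packet(NamedTuple):
    iface: str                      # interface the packet enters or leaves on
    src: Endpoint
    dst: Endpoint

class RdrTable:
    """Hypothetical redirect table: 'rdr <iface> 0/0 port 80 -> target'."""
    def __init__(self, rdr_iface: str, target: Endpoint, bind_to_iface: bool):
        self.rdr_iface, self.target = rdr_iface, target
        self.bind_to_iface = bind_to_iface
        self.sessions = {}          # session key -> original destination

    def _key(self, iface: str, client: Endpoint):
        # The hypothesis under test: is the interface part of the session key?
        return (iface if self.bind_to_iface else None, client)

    def inbound(self, pkt: Packet) -> Packet:
        if pkt.iface != self.rdr_iface or pkt.dst[1] != 80:
            return pkt              # rule does not match, pass unchanged
        self.sessions[self._key(pkt.iface, pkt.src)] = pkt.dst
        return pkt._replace(dst=self.target)

    def outbound(self, pkt: Packet) -> Packet:
        orig: Optional[Endpoint] = self.sessions.get(self._key(pkt.iface, pkt.dst))
        if pkt.src != self.target or orig is None:
            return pkt              # no session found: reply leaves untranslated
        return pkt._replace(src=orig)   # restore the original destination as source

def reply_source(bind_to_iface: bool, out_iface: str) -> Endpoint:
    """Source address the PC sees on the reply, for one constructed flow."""
    nat = RdrTable("A", ("127.0.0.1", 80), bind_to_iface)
    client, site = ("192.0.2.10", 40000), ("198.51.100.7", 80)  # constructed
    nat.inbound(Packet("A", client, site))
    # The local web server answers from the redirect target to the client.
    return nat.outbound(Packet(out_iface, ("127.0.0.1", 80), client)).src

if __name__ == "__main__":
    for bound in (True, False):
        for out in ("A", "B"):
            print(f"iface-bound={bound} out={out} reply src={reply_source(bound, out)}")
```

In the interface-bound case the reply leaving on B keeps 127.0.0.1:80 as its source, so it cannot match the connection the PC opened; that is consistent with the symptom described and with the host-route workaround.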



More information about the freebsd-isp mailing list