
I have a host with ip $HOST_IP which runs an HTTP server on port 8080. There is a transparent proxy server running on port 9000 on host with IP $PROXY_SERVICE_IP.

I'm trying to forward traffic from the original host to the proxy server. I have these two iptables rules:

iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT --to-destination $PROXY_SERVICE_IP:9000
iptables -t nat -A POSTROUTING -p tcp -d $PROXY_SERVICE_IP --dport 9000 -j SNAT --to-source $HOST_IP

They work great, I get the packet to the proxy server.

The problem: The proxy server tries to resolve the original request by making the request to the host, but that traffic is redirected to the proxy, so it ends up in a loop.

What iptables rule could I use to prevent this? When the proxy server makes a request to the host, disable the forwarding? I tried to add `! -s $PROXY_SERVICE_IP` to the rules above, but it didn't work.

  • Why not use nginx or apache as a proxy? You don't need a second program to do the same; that's called a reverse proxy. – djdomi May 08 '21 at 13:37
  • My use case is different, the transparent proxy is custom, provides e.g. mocking based on rules. – Dávid Molnár May 08 '21 at 13:46
  • Sorry, but this site is not for fun. What is the business-related question and use case? If, and it looks nearly 100% for this, your question fits superuser.com. – djdomi May 08 '21 at 16:24
  • I don't understand what you mean by business related question. I'm not doing this for "fun", but in a business if that's what you mean. – Dávid Molnár May 08 '21 at 16:26
  • It turns out `! -s $PROXY_SERVICE_IP` works perfectly well - the only problem in my case was, that the IP address actually was incorrect. – Dávid Molnár May 08 '21 at 17:31
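The rule set the asker ended up with, written out as an added example (this is not the asker's script; the addresses are constructed RFC 5737 values and the `apply_rules` / `dnat_excludes_proxy` helpers are my own). The point it shows is why `! -s $PROXY_SERVICE_IP` belongs on the PREROUTING DNAT rule: a request the proxy sends to host:8080 arrives at PREROUTING like any other packet, so without the exclusion it is rewritten to proxy:9000 and loops. With the exclusion it falls through to INPUT and reaches the real server. The check function parses `iptables-save` output so an operator can verify the exclusion is actually installed, which would have caught the wrong-IP problem from the comments.

```shell
#!/bin/sh
# Added example, not from the original question: loop-free DNAT/SNAT rules for
# forwarding host:8080 to a transparent proxy on proxy:9000, plus a check that
# the installed rule excludes the proxy's own traffic. Assumes iptables with
# the nat table. Addresses below are constructed placeholders (RFC 5737).
HOST_IP="${HOST_IP:-192.0.2.10}"
PROXY_SERVICE_IP="${PROXY_SERVICE_IP:-192.0.2.20}"

# Print the rules as iptables argument strings, one per line.
# "! -s $PROXY_SERVICE_IP" on PREROUTING is what breaks the loop: packets the
# proxy sends to host:8080 are not DNATed and reach the local server on INPUT.
# The POSTROUTING SNAT makes the proxy's replies come back through this host.
nat_rules() {
  printf '%s\n' \
    "-t nat -A PREROUTING ! -s $PROXY_SERVICE_IP -p tcp --dport 8080 -j DNAT --to-destination $PROXY_SERVICE_IP:9000" \
    "-t nat -A POSTROUTING -p tcp -d $PROXY_SERVICE_IP --dport 9000 -j SNAT --to-source $HOST_IP"
}

# Apply each rule only if it is not already present (-C before -A), so the
# script can be re-run without stacking duplicate rules. Needs root.
apply_rules() {
  nat_rules | while IFS= read -r rule; do
    check=$(printf '%s' "$rule" | sed 's/ -A / -C /')
    # shellcheck disable=SC2086  # intentional word splitting of the rule
    iptables $check 2>/dev/null || iptables $rule
  done
}

# Read iptables-save output on stdin and return 0 if the PREROUTING DNAT rule
# for this proxy carries the proxy-source exclusion, 1 if the loop is possible.
# Run as:  iptables-save -t nat | dnat_excludes_proxy && echo "loop-safe"
dnat_excludes_proxy() {
  grep -- '-A PREROUTING' |
    grep -- "-j DNAT --to-destination $PROXY_SERVICE_IP:9000" |
    grep -q -- "! -s $PROXY_SERVICE_IP"
}

# Constructed sample of what iptables-save prints for the two rule sets, used
# to exercise the check offline (iptables-save adds /32 and "-m tcp").
SAMPLE_SAFE='-A PREROUTING ! -s 192.0.2.20/32 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.0.2.20:9000
-A POSTROUTING -d 192.0.2.20/32 -p tcp -m tcp --dport 9000 -j SNAT --to-source 192.0.2.10'
SAMPLE_LOOP='-A PREROUTING -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.0.2.20:9000
-A POSTROUTING -d 192.0.2.20/32 -p tcp -m tcp --dport 9000 -j SNAT --to-source 192.0.2.10'

# Convenience wrapper: feed a saved rule dump (a string) to the check.
check_dump() {
  printf '%s\n' "$1" | dnat_excludes_proxy
}
```

Because the original DNAT rule is already installed, delete it first (`iptables -t nat -D PREROUTING -p tcp --dport 8080 -j DNAT --to-destination $PROXY_SERVICE_IP:9000`) before running `apply_rules`, otherwise the old unrestricted rule still matches first. Exporting `HOST_IP` and `PROXY_SERVICE_IP` with the real addresses and then running `iptables-save -t nat | dnat_excludes_proxy` confirms that the exclusion refers to the address the proxy actually sends from.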

0 Answers