Jari.Marikainen@xxxxxx wrote:
Hi, I agree on your resoning below. I also ran into another problem. Will your earlier suggestion work with SSL? This could look somewhat suspicious from the client side I imagine.
I hop I'm not talking nonsense, I have not followed this thread and just react on this post.
AFAIK the SSL-certificate is not bound to an IP-address, so this should not give you any problem.
Your suggestion was:
> iptables -t nat -A PREROUTING -p tcp --dport 80 -d 195.198.111.x \ > -j DNAT --to-destination 65.114.4.69 > iptables -t nat -A POSTROUTING -p tcp --dport 80 -d 65.114.4.69 \ > -j SNAT --to-source <your external IP address on this machine>
This last one should read: iptables -t nat -A POSTROUTING -p tcp --sport 80 -s 65.114.4.69 \ -j SNAT --to-source <your external IP address on this machine>
The switch should be for source, not destination. And of course 80 should be changed to 443 (the port that is used by HTTPS).
-- Regards,
André