I have a remote server (B) that forwards certain incoming traffic to another port of a different server (A, dest).
With "masquerade" I only see traffic coming from the forward server (B). Is it possible to see traffic coming from the original sources (C)? If I replace "masquerade" with "accept", I can no longer reach port 8080 of the destination (A).
Sketch:
C -> B:25 -> A:8080
# A receives C requests as if B made them
# Unfortunately this breaks some implementations like SPF
NFTables configuration:
# define destination address
define dest = 10.0.0.2

# table for smtp forwarding
table ip smtp {
    chain pre {
        type nat hook prerouting priority -100
        tcp dport 25 dnat to $dest:8080
    }
    chain post {
        type nat hook postrouting priority 100
        ip daddr $dest masquerade
    }
}
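Added example (not part of the original post): a small model of the address rewriting in the ruleset above, showing which source address A sees and whether C accepts the reply, with and without masquerade. The addresses of B and C, the client port, and the `a_routes_via_b` switch (A's return route to C passing through B) are assumptions made for illustration; only 10.0.0.2 and ports 25/8080 come from the post.

```python
# Model of C -> B:25 -> A:8080. Packets are (src, sport, dst, dport) tuples.
A = "10.0.0.2"      # destination from the post
B = "10.0.0.1"      # assumed address of the forward server
C = "203.0.113.7"   # assumed client (documentation range)
CPORT = 40000       # assumed client source port


def forward_on_b(pkt, masquerade):
    """B: prerouting DNAT to A:8080, then optional masquerade in postrouting."""
    src, sport, _dst, _dport = pkt
    out = (B if masquerade else src, sport, A, 8080)
    # Connection tracking remembers the expected reply and how to undo the NAT.
    entry = {"reply": (A, 8080, out[0], sport),
             "rewrite": (B, 25, src, sport)}
    return out, entry


def simulate(masquerade, a_routes_via_b):
    """Return (source address A sees, whether C accepts the reply)."""
    syn = (C, CPORT, B, 25)
    at_a, entry = forward_on_b(syn, masquerade)

    # A answers whatever source it saw, swapping the endpoints.
    reply = (at_a[2], at_a[3], at_a[0], at_a[1])

    # The reply crosses B if it is addressed to B (masquerade case) or if
    # A's route towards C goes through B (assumption, not from the post).
    if (reply[2] == B or a_routes_via_b) and reply == entry["reply"]:
        reply = entry["rewrite"]   # B reverses the DNAT (and the masquerade)

    # C opened a connection to B:25, so only a reply from B:25 matches it.
    accepted = reply == (B, 25, C, CPORT)
    return at_a[0], accepted


if __name__ == "__main__":
    for masq, via_b in [(True, False), (False, False), (False, True)]:
        seen, ok = simulate(masq, via_b)
        print(f"masquerade={masq!s:5} A-routes-via-B={via_b!s:5} "
              f"A sees {seen:12} C accepts reply: {ok}")
```

Without masquerade, A sees C's real address, but its reply reaches C with source 10.0.0.2:8080 unless it travels back through B, so the handshake never completes.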