Trouble using iptables for IP masquerading
I'm using CentOS on a box with two NICs as a firewall server, everything goes through that box. The webserver is fine, as I am running nginx as a reverse proxy on the box itself, however my application server (which MUST run on Windows) is a different story.
Although I'm not entirely sure if it's possible, I've been assured that it's possible to forward IP traffic from the firewall machine to the application server (running on Windows) WHILE preserving the source IP address.
I've been reading iptables documentation extensively, but I'm still not sure if it's actually possible. Here's how I've been told to do this:
Please note that eth0 is the public interface (and default gateway), and eth1 is the private interface.
-A PREROUTING -p tcp -i eth0 -m tcp --destination $PUBLIC_IP --dport $SERVER_PORT -j DNAT --to-destination $INTERNAL_IP:$SERVER_PORT
-A POSTROUTING -p tcp -o eth1 -m tcp --dport $SERVER_PORT -j MASQUERADE
The problem, however, is that the source IP address becomes the firewall box's (10.1.1.2), which leads me to wonder whether: a. it's simply not possible to forward the source IP address, b. I am going about this the wrong way, or c. it's correct and Windows is being a nuisance (and I realise this is a Linux forum, sorry!).
Any help is much appreciated, thanks.
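An added example, not part of the original post: the DNAT-only variant of the rules above, which keeps the client's address, alongside a small check that counts the source-rewriting POSTROUTING rules in iptables-save output. It assumes placeholder values (public IP 203.0.113.10, Windows server 10.1.1.20, port 8080) and that 10.1.1.2 is the firewall's eth1 address and the Windows server's default gateway.

```shell
#!/bin/sh
# Added example, not from the original post. The MASQUERADE rule in POSTROUTING
# is what rewrites the client's address to the firewall's eth1 address; DNAT
# alone keeps the original source. That only works if the Windows server sends
# its replies back through the firewall, i.e. its default gateway is 10.1.1.2
# (assumed here to be the firewall's eth1 address).
PUBLIC_IP="${PUBLIC_IP:-203.0.113.10}"    # placeholder public address
INTERNAL_IP="${INTERNAL_IP:-10.1.1.20}"   # placeholder Windows server address
SERVER_PORT="${SERVER_PORT:-8080}"        # placeholder application port

# Print the corrected rules rather than applying them, so they can be reviewed
# first; apply_rules feeds the same text to sh (run as root on the firewall).
fw_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i eth0 -p tcp -d $PUBLIC_IP --dport $SERVER_PORT -j DNAT --to-destination $INTERNAL_IP:$SERVER_PORT
iptables -A FORWARD -i eth0 -o eth1 -p tcp -d $INTERNAL_IP --dport $SERVER_PORT -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

apply_rules() { fw_rules | sh; }

# Count POSTROUTING rules that rewrite the source address (MASQUERADE or SNAT)
# in iptables-save output read from stdin. Any such rule on the path towards
# the server is why it sees 10.1.1.2 instead of the real client address.
count_source_rewrites() {
    grep -Ec '^-A POSTROUTING .*-j (MASQUERADE|SNAT)' || true
}

# Constructed sample of the poster's nat table, as iptables-save would print it.
SAMPLE_NAT='*nat
-A PREROUTING -p tcp -i eth0 -m tcp -d 203.0.113.10/32 --dport 8080 -j DNAT --to-destination 10.1.1.20:8080
-A POSTROUTING -p tcp -o eth1 -m tcp --dport 8080 -j MASQUERADE
COMMIT'
```

Run `iptables-save -t nat | sh -c '. ./fw.sh; count_source_rewrites'` on the firewall to confirm no source rewrite remains once the MASQUERADE rule is dropped.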