Block IP but redirect traffic to internal server.

  • I'm trying to set up a port redirection rule that will send all incoming traffic from a specific IP address to a specific server/port rather than completely blocking the IP address. The reason for this is that sometimes our Web Application Firewall will block a genuine customer, and we need to tell them they have been blocked rather than just dropping their connections.

    I have added a rule to Firewall / NAT / Port Forward which almost worked: the traffic hit the internal server but didn't seem to be able to get back to the client. On my test client the web page just wouldn't load, but using tcpdump I could see the traffic coming into the server.

    I have been testing this with success on my home box and it worked, but I can't get it to work on our production box. The main difference is that the production box is set up in transparent mode and has 3 interfaces: WAN, Bridge and LAN.

    Can anyone give me some pointers on what the problem might be?
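For readers who want to see the "redirect instead of drop" idea expressed as firewall rules, the following pf.conf fragment is an added example; it is not configuration from the original post or from the poster's firewall. It uses the FreeBSD-style `rdr on` / `nat on` syntax that pfSense generates from its Port Forward page. Interface names, the flagged client address, the notice server address and the ports are all assumed placeholders, and the trailing `nat` rule is an assumed illustration of one common reason a redirected connection reaches the server but never answers the client: the server's reply does not come back through the firewall, so it never matches the translation state.

```pf
# Added example, not the original post's configuration.
# All interface names, addresses and ports below are assumed placeholders.
ext_if      = "em0"            # assumed: interface the client's traffic arrives on
int_if      = "em1"            # assumed: interface facing the internal notice server
blocked_src = "203.0.113.45"   # assumed: client address the WAF has flagged
notice_srv  = "10.0.0.50"      # assumed: internal host serving the "you are blocked" page
notice_port = "8080"           # assumed: port that page listens on

# Translation: instead of dropping HTTP from the flagged client, rewrite the
# destination to the notice server. pf applies rdr before the filter rules.
# Only plain HTTP is redirected here: redirecting HTTPS to a different host
# would fail the TLS certificate check before any page could be shown.
rdr on $ext_if inet proto tcp from $blocked_src to any port 80 \
    -> $notice_srv port $notice_port

# Filter: rdr only rewrites the packet. A pass rule for the translated
# destination is still needed, otherwise the default policy decides.
# "keep state" is what lets the reply packets back through automatically.
pass in quick on $ext_if inet proto tcp from $blocked_src \
    to $notice_srv port $notice_port keep state

# Reply path (assumed illustration): if the notice server's route back to the
# client does not pass through this firewall, its SYN/ACK carries the server's
# own address as source and never meets the state entry, so the client sees a
# hung page even though tcpdump on the server shows the request arriving.
# Masking the client behind the firewall's inside address forces the reply
# back through the same box, at the cost of the server seeing the firewall's
# address rather than the real client in its own logs.
nat on $int_if inet proto tcp from $blocked_src to $notice_srv port $notice_port \
    -> ($int_if)
```

A quick way to confirm whether the reply path is the problem is to watch the translation state while a test client connects (`pfctl -ss` on the firewall) and, in parallel, run tcpdump on the notice server: if the server's replies leave on an interface that does not lead back to the firewall, the state entry never sees them. In a bridged (transparent) deployment the member interface the packet actually enters on is the one the `rdr` and `pass` rules must name, which is a plausible reason the same rule behaves differently on a routed home box and a bridged production box.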