Hello, When redirecting, the destination address is replaced by the first ip-address on the receiving interface. If the packet originally was sent to the second ip-address (or third, fourth, etc..), this patch doesn't change the destination ip. ============ --- linux.orig/net/ipv4/netfilter/ipt_REDIRECT.c +++ linux/net/ipv4/netfilter/ipt_REDIRECT.c @@ -78,7 +78,21 @@ rcu_read_lock(); indev = __in_dev_get_rcu((*pskb)->dev); if (indev && (ifa = indev->ifa_list)) + { + struct in_ifaddr *ifa_cur; // interface ip-list cursor + + // set current destination ip + newdst = ((struct iphdr*)skb_network_header(*pskb))->daddr; + + // iterate through interface ip list + for (ifa_cur = ifa; ifa_cur; ifa_cur = ifa_cur->ifa_next) + if (newdst == ifa_cur->ifa_local) + goto newdst_is_local; + + // set new destination to first ip of this interface newdst = ifa->ifa_local; + } + newdst_is_local: rcu_read_unlock(); if (!newdst) ============ Kind regards, Bas van Sisseren -- Bas van Sisseren <bas@xxxxxxxxxxxxxxxxx> Quarantainenet
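Review bot: In the block added under `if (indev && (ifa = indev->ifa_list))`, the `goto newdst_is_local` out of the `for` loop is avoidable: let the loop `break` on a match and assign `newdst = ifa->ifa_local;` only when `ifa_cur` ended up NULL, which removes the label in front of `rcu_read_unlock()`. The loop compares `daddr` only against the addresses of the receiving device, so a packet addressed to a local address configured on another interface is still rewritten to the first address of the receiving one; the description should say whether that is intended. On style, kernel convention puts the opening brace on the `if` line and uses `/* */` rather than `//` comments, and the mail carries no Signed-off-by line.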