Hello,
1. Sorry if this has been already asked before ( couldn't find the
answer in the archives) or the wrong list.
2. Changing the destination ip and port of TEE'ed udp datagrams seems
doable and I was just wondering if there are some arguments against
adding it to TEE.
Something like this:
# iptables -t mangle -A PREROUTING -i lo -p udp --dport 223 -j TEE
--gateway 192.168.0.1 --new-dst 192.168.0.21 --new-dport 201
# iptables -t mangle -L -nv --line
Chain PREROUTING (policy ACCEPT 159 packets, 14878 bytes)
num pkts bytes target prot opt in out source
destination
1 0 0 TEE udp -- lo * 0.0.0.0/0
0.0.0.0/0 udp dpt:223 TEE gw:192.168.0.1 new-dst:192.168.0.21
new-dport:201
..
$ nc -u 0 223 <<<'test'
# tcpdump -nn -i eth0 port 201 or 223
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
..
15:59:01.618826 IP 127.0.0.1.38060 > 192.168.0.21.201: UDP, length 5
3. w/o --new-dst and --new-dport : the way it is right now.
# iptables -t mangle -A PREROUTING -i lo -p udp --dport 223 -j TEE
--gateway 192.168.0.1
# iptables -t mangle -L -nv --line
..
num pkts bytes target prot opt in out source
destination
1 1 33 TEE udp -- lo * 0.0.0.0/0
0.0.0.0/0 udp dpt:223 TEE gw:192.168.0.1 new-dst:192.168.0.21
new-dport:201
2 0 0 TEE udp -- lo * 0.0.0.0/0
0.0.0.0/0 udp dpt:223 TEE gw:192.168.0.1
thx,
-sergey
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
