Hi everybody. I'm using DNAT to transparently redirect TCP connections to a local application which is listening on a port for new connections. >From within my application, I'd like to be able to find out the original destination IP address of the packet/connection, before it got DNAT'ed. I've read about the API's within libnetfilter_queue and libnetfilter_conntrack, but cannot find any thing about looking up this information directly within the kernel NAT tables. The best way I can think of at the moment is to use libnetfilter_queue so that the application gets a copy of the SYN packets before they get DNAT'ed and stores the source IP/port in its own lookup tables so that once it accept()'s the connection it can then reference the lookup table to find the original destination IP. Is there a better way that I should be doing this? Is there a way I can get access to the NAT/DNAT tables within the kernel so that the application can query this information directly without having to maintain its own copy? Any help/ideas or pointers to further reading would be very much appreciated. Regards -- Brad. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
