On 25/04/2008, Bradley Kite <bradley.kite@xxxxxxxxx> wrote: > On 25/04/2008, Jan Engelhardt <jengelh@xxxxxxxxxxxxxxx> wrote: > > > > On Friday 2008-04-25 13:06, Bradley Kite wrote: > > > > > >I'm using DNAT to transparently redirect TCP connections to a local > > >application which is listening on a port for new connections. > > > > > >From within my application, I'd like to be able to find out the > > >original destination IP address of the packet/connection, before it > > >got DNAT'ed. > > > > > > getsockopt(... SO_ORIGINAL_DST ...) in endpoint programs or > > alternatively, iptables -m conntrack --ctorigdst <xxx> can be used > > in iptables. > > > > > Many thanks, thats so much simpler and will save me a lot of work. > > Regards > > -- > Brad. Just one more question, if I may... How would one do the same with IPv6? Since NAT and IPv6 together are frowned upon, what is the accepted/preferred method of transparently intercepting traffic? Regards -- Brad. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
