On 11/15/2008 12:38 AM, sebastien wrote:
> The problem is that iptables or ip6tables won't natively be able to send me the original destination client's address and port of the server's answer: am I wrong? iptables and ip6tables will form a new destination address and port, and that's all.
Why not? (See below.)
> If so, I need a way to send the exact port of the original packet to the corrective program: the one which will transparently serve the client, called by ... iptables or ip6tables?
I think you will probably be best served by (I believe) the QUEUE target, which allows IPTables to pass complete packets to user space for processing.
> Can the iptables and ip6tables modules do this? Call an external program with the full packet content of the server.
I think if you use the QUEUE target you will be able to pass packets (whichever ones you want) to your "correction program", including all source / destination IP and port information. With this information you should be able to process the packets as you see fit and then generate a new reply packet.
Grant. . . .
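As an added example (not code from this thread or from the netfilter project), this shows what a user-space handler has to do with a packet the QUEUE target (or its successor NFQUEUE) hands it: the kernel delivers the raw packet and nothing else, so the handler parses the IPv4 or IPv6 header and the TCP/UDP ports itself to recover the addresses and ports. The two sample packets are constructed inline, and the function and constant names are my own.

```python
import socket
import struct

TCP, UDP = 6, 17


def parse_packet(raw: bytes) -> dict:
    """Extract addresses and ports from a raw IPv4 or IPv6 packet.

    A QUEUE/NFQUEUE handler receives the whole packet, headers included,
    so the original destination address and port are read straight from it.
    """
    version = raw[0] >> 4
    if version == 4:
        ihl = (raw[0] & 0x0F) * 4             # header length, options included
        proto = raw[9]
        src = socket.inet_ntop(socket.AF_INET, raw[12:16])
        dst = socket.inet_ntop(socket.AF_INET, raw[16:20])
        l4 = raw[ihl:]
    elif version == 6:
        proto = raw[6]                        # Next Header; assumes no extension headers
        src = socket.inet_ntop(socket.AF_INET6, raw[8:24])
        dst = socket.inet_ntop(socket.AF_INET6, raw[24:40])
        l4 = raw[40:]
    else:
        raise ValueError("not an IPv4 or IPv6 packet")
    if proto not in (TCP, UDP):
        raise ValueError("unsupported transport protocol %d" % proto)
    sport, dport = struct.unpack("!HH", l4[:4])  # first two fields of TCP and UDP alike
    return {"version": version, "proto": proto,
            "src": src, "sport": sport, "dst": dst, "dport": dport}


# Constructed sample packets (not captured traffic), laid out as the kernel delivers them.
IPV4_TCP = (struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, TCP, 0,
                        socket.inet_aton("10.0.0.5"), socket.inet_aton("192.0.2.10"))
            + struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 0x50, 0x02, 8192, 0, 0))
IPV6_UDP = (struct.pack("!IHBB16s16s", 0x60000000, 8, UDP, 64,
                        socket.inet_pton(socket.AF_INET6, "2001:db8::1"),
                        socket.inet_pton(socket.AF_INET6, "2001:db8::53"))
            + struct.pack("!HHHH", 51000, 53, 8, 0))

if __name__ == "__main__":
    for pkt in (IPV4_TCP, IPV6_UDP):
        p = parse_packet(pkt)
        print("%s:%d -> %s:%d" % (p["src"], p["sport"], p["dst"], p["dport"]))
```

Queue the packets at a hook where the addresses are still the original ones (mangle PREROUTING runs before nat PREROUTING); a packet queued after DNAT already carries the rewritten destination.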