Hello, I am working on configuring a multihomed machine, and one of my goals is to redirect some outgoing TCP traffic originating from this machine using iptables. Currently, I have got it working with UDP, and if I add the rule to the OUTPUT chain of the nat table before I start the connection, it works. However, sometimes I want to start doing redirection in the middle of a TCP connection, and this does not seem to work. I do not get any matches to my LOG target (except for the first SYN packet), and the packets still go through the old interface. In other words, it somehow seems like TCP is skipping the nat table's OUTPUT chain. Does anyone have any ideas how to solve this?

The iptables rule I use is:

    sudo iptables -A OUTPUT -t nat -p tcp -d 192.168.101.14 --dport 9999 -j DNAT --to 192.168.100.250:9999

The LOG rule is constructed like this:

    sudo iptables -A OUTPUT -t nat -p udp -d 192.168.101.14 --dport 9999 -m state --state NEW,ESTABLISHED,RELATED --sport 1024:65535 -j LOG --log-prefix "INFO,OUTPUT,NAT(tcp): " --log-level debug

Thanks in advance,
Kristian
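As an added example (not code from the original post), the following shell script installs the DNAT rule idempotently and shows, in its comments, why a rule added mid-connection only ever sees the SYN of new connections: the nat table is consulted for the first packet of a flow only, and later packets reuse the mapping stored in the conntrack entry. The addresses and port are the ones from the post; the function names are this example's own, and it assumes iptables and conntrack-tools are installed.

```shell
#!/bin/sh
# Added example: redirect locally generated TCP traffic with DNAT in the
# nat OUTPUT chain. The nat table is evaluated only for the first packet
# of a connection (conntrack state NEW); every later packet of that flow
# is translated from the conntrack entry without revisiting the chain.
# That is why a DNAT or LOG rule inserted mid-connection matches nothing
# but the SYN of connections opened after it.
set -eu

OLD_DST=192.168.101.14   # destination from the post
NEW_DST=192.168.100.250  # redirect target from the post
PORT=9999

# One rule specification shared by -A, -C and -D so they cannot drift apart.
dnat_rule_spec() {
    printf '%s' "OUTPUT -t nat -p tcp -d $1 --dport $3 -j DNAT --to-destination $2:$3"
}

# Install the rule once: -C exits non-zero when the rule is absent, so
# re-running the script never appends a duplicate (word splitting of
# $spec into separate arguments is intended here).
apply_redirect() {
    spec=$(dnat_rule_spec "$OLD_DST" "$NEW_DST" "$PORT")
    iptables -C $spec 2>/dev/null || iptables -A $spec
}

# Delete the conntrack entry of the old flow so its next packet is
# classified NEW and the nat OUTPUT chain is evaluated again. With the
# default net.netfilter.nf_conntrack_tcp_loose=1 that mid-stream packet
# is picked up and DNATed, but the new destination holds no socket state
# for the connection and answers with RST: only connections opened after
# the rule are redirected cleanly, which is inherent to TCP, not a bug.
forget_old_flow() {
    conntrack -D -p tcp --orig-dst "$OLD_DST" --orig-port-dst "$PORT" || true
}

# Only touch the kernel when run as root with an explicit "apply" argument.
if [ "${1:-}" = "apply" ] && [ "$(id -u)" -eq 0 ]; then
    apply_redirect
    forget_old_flow
fi
```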