[Seems the same mail I sent yesterday had a formatting error, so I'm sending it again. Sorry for the spam...]

Hi everyone,

I'm new to iptables and recently ran into a problem when trying to get the original IP address with getsockopt. I'm using iptables 1.3.3 on Linux 2.6.

Here's the rule:

    iptables -t nat -A OUTPUT -m owner --uid-owner <my_user_name> -p tcp -d 10.0.0.0/8 -j REDIRECT --to-port 9000

It redirects all TCP packets to my proxy process listening on port 9000, and my proxy then handles the real connection with the outside world.

Here's the code snippet from my proxy app that gets the original destination address:

    #include <cerrno>
    #include <cstring>
    #include <strings.h>                 // bzero()
    #include <sys/socket.h>
    #include <netinet/in.h>
    #include <linux/netfilter_ipv4.h>    // SO_ORIGINAL_DST

    // Ask conntrack for the destination the client originally connected to,
    // before the REDIRECT rule rewrote it to port 9000.
    struct sockaddr_in addr;
    socklen_t addr_sz = sizeof(addr);
    bzero(reinterpret_cast<char*>(&addr), addr_sz);
    addr.sin_family = AF_INET;
    if (getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, &addr, &addr_sz) != 0) {
        int err = errno;
        LOG << "Couldn't read SO_ORIGINAL_DST from socket " << fd
            << " Detail: " << strerror(err);
        return false;
    }

For most connections this works well. But it randomly returns -1 with errno ENOENT: "No such file or directory"... I totally don't know why or under which conditions this happens. Could anyone enlighten me?

Thanks in advance!

--
Best Regards!
Kai Wang
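As an added example (not the poster's code), here is how a REDIRECT-style proxy can make the SO_ORIGINAL_DST lookup defensive: a hard error is reported, an ENOENT result falls back to getsockname(), and the onward destination is checked against the proxy's own listening address so a fallback can never make the proxy dial itself. The assumptions are labelled in the comments (the ENOENT fallback treats the flow as one that reached port 9000 without being NATed; the `DST_*` names, `resolve_original_dst`, `is_self_loop` and `dst_to_str` are hypothetical helper names).

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#ifdef __linux__
#include <linux/netfilter_ipv4.h>   /* defines SO_ORIGINAL_DST */
#endif
#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80          /* value used by the Linux headers */
#endif

/* Where the destination came from, so the caller can log the fallback. */
enum dst_source { DST_CONNTRACK = 1, DST_SOCKNAME = 2 };

/* Resolve the address the client really wanted.  Returns a dst_source
 * value on success, or -1 with errno set on a hard failure (EBADF, ...). */
int resolve_original_dst(int fd, struct sockaddr_in *out)
{
    socklen_t len = sizeof(*out);
    memset(out, 0, sizeof(*out));
    if (getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, out, &len) == 0)
        return DST_CONNTRACK;
    if (errno != ENOENT)
        return -1;                   /* not a "no NAT record" case: give up */
    /* ENOENT: conntrack has no NAT mapping for this flow.  Assumption: the
     * client connected to port 9000 directly, so the address the socket is
     * bound to is the real destination. */
    len = sizeof(*out);
    if (getsockname(fd, (struct sockaddr *)out, &len) != 0)
        return -1;
    return DST_SOCKNAME;
}

/* Refuse to connect onward to ourselves: dialing our own listening port
 * from a fallback address would loop the proxy into itself. */
int is_self_loop(const struct sockaddr_in *dst, const struct sockaddr_in *lst)
{
    return dst->sin_port == lst->sin_port &&
           (dst->sin_addr.s_addr == lst->sin_addr.s_addr ||
            lst->sin_addr.s_addr == htonl(INADDR_ANY));
}

/* Format "a.b.c.d:port" for logging. */
const char *dst_to_str(const struct sockaddr_in *a, char *buf, size_t n)
{
    char ip[INET_ADDRSTRLEN];
    inet_ntop(AF_INET, &a->sin_addr, ip, sizeof ip);
    snprintf(buf, n, "%s:%u", ip, (unsigned)ntohs(a->sin_port));
    return buf;
}
```

In the accept loop, call resolve_original_dst() on each accepted fd, log dst_to_str() together with the returned source, and drop the connection when is_self_loop() is true.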