We have an iptables rule like below:

    iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-ports 10000

The intent is to redirect all traffic to a single port, where our user-space proxy handles requests.

This works in most cases, but we run into issues when a single client makes requests to multiple ports. Because the destination port is redirected to a single port, we no longer have that as a distinguishing factor in our 4-tuple. The result is the incoming connection will fail and a Challenge Ack is sent to the other connection with the same 4-tuple.

One workaround we have successfully used is replacing TPROXY with REDIRECT. However, IP_TRANSPARENT is not viable for us due to the high privileges required.

Are there any alternatives that can address this issue?
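The collision described in the question, as an added example that is not part of the original post: a small Python model that applies the rule's destination rewrite to a list of flows and reports which distinct connections end up sharing one 4-tuple. The flow records, addresses and helper names are constructed for illustration, and the model follows the question's description of the rewrite rather than the kernel's full NAT logic.

```python
from collections import defaultdict
from typing import NamedTuple

# REDIRECT maps locally generated packets (OUTPUT chain) to the localhost address.
REDIRECT_ADDR = "127.0.0.1"
REDIRECT_PORT = 10000  # --to-ports value from the rule in the question


class Flow(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def redirected(flow: Flow) -> Flow:
    """Return the 4-tuple as the proxy sees it once the destination is rewritten."""
    return flow._replace(dst_ip=REDIRECT_ADDR, dst_port=REDIRECT_PORT)


def find_collisions(flows):
    """Group distinct original flows by their rewritten 4-tuple.

    Returns {rewritten_tuple: [original flows]} for every rewritten tuple
    shared by more than one distinct original connection.
    """
    groups = defaultdict(dict)
    for flow in flows:
        # dict keys de-duplicate repeated records of the same connection
        groups[redirected(flow)][flow] = None
    return {k: list(v) for k, v in groups.items() if len(v) > 1}


# Constructed sample: one client reuses source port 40001 towards two
# destination ports, which is legal because the original 4-tuples differ.
SAMPLE_FLOWS = [
    Flow("10.0.0.5", 40001, "192.0.2.10", 80),
    Flow("10.0.0.5", 40001, "192.0.2.10", 443),   # collides with the flow above
    Flow("10.0.0.5", 40002, "192.0.2.10", 8080),  # different source port, unique
    Flow("10.0.0.5", 40001, "192.0.2.10", 80),    # repeat of the first record
]

if __name__ == "__main__":
    for rewritten, originals in find_collisions(SAMPLE_FLOWS).items():
        print("collision on", tuple(rewritten))
        for original in originals:
            print("   original:", tuple(original))
```
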