Hello Bazsi,

Thank you very much for your quick advice.
If I understand correctly what you mean here, it is not currently possible as the tuple of the connection must be unique. The tuple includes source address, source port, destination address, destination port. The incoming connection and the connection on the server side have the same tuples. Do you really need to also fake the source port towards the server?
In our experience, choosing a different port dynamically towards the server causes no problems.

For now, there is no need to keep the source port address of the client. So I tried to set "itp.itp_fport=0", and it works without a problem! Thank you.
P.S. I hope that the tproxy kernel patch will be joined to the Linux 2.5 (and 2.6) kernel. I would be happy if you and Linus have such a plan. :-)

--
Yoshioka Tsuneo
E-MAIL: Tsuneo.Yoshioka@f-secure.com