[tproxy] failure to apply snat mapping?

Lennert Buytenhek buytenh@wantstofly.org
Wed, 21 Apr 2004 19:35:37 +0200


Let's say that I have an app that connects to IP address, and uses
tproxy to fake the source address as  Bind the socket, then call
into tproxy, and then connect() and ta da -- everything works as expected.

Now I decide that that app should not connect to, but instead to  I don't want to modify the source and restart it, so I add a nat
rule in the iptables nat/OUTPUT chain to DNAT the address to

The app now (unknowingly) connects to, that works fine.  But.. the
source address used for the connection is now the source address of the box
and not anymore :((

Is this a case of "Don't do that, then!!"?

I'm using "tproxy-2.4.22-1.1.3.diff" patched into a Red Hat 2.4.20 kernel
(2.4.20-20.9 to be exact) on a uniproc P4 2.4GHz, 1G RAM.