Stanisław Pitucha wrote:
> Great - thanks! That solved the capturing problem. Now I'm using QUEUE
> on both PREROUTING and OUTPUT.
> But now I've got another one:
> I'm rewriting addresses like in standard dnat:
> client <-> gateway (choosing server) <-> servers
>
> Outgoing ones are delivered as they should: (own logging fragment)
> Tried packet: From: 192.168.1.37:32938 to: 192.168.1.111:53
> Redirection! - Sent packet: From: 192.168.1.37:32938 to: 192.168.1.1:53
>
> Incoming packet gets changed:
> Got packet: From: 192.168.1.1:53 to: 192.168.1.37:32938 'n redirected
> Delivered packet: From: 192.168.1.111:53 to: 192.168.1.37:32938
>
> but application doesn't see it. Additionally wireshark sees outgoing
> packet changed, but incoming one original:
> 192.168.1.1:53->192.168.1.37:32938. Is that normal? What can be the
> reason? If I leave source address unchanged, packet arrives to the app
> with real source without problems.
>
> Thanks

Are you getting messages similar to "ip_rt_bug" in dmesg when incoming
packets get redirected? If so, see this thread:
http://lists.netfilter.org/pipermail/netfilter-devel/2007-May/027849.html

As for wireshark, I think that it sees incoming packets before netfilter
does and outgoing packets after netfilter finishes with them. That
would explain the behaviour that you're seeing.

Rennie deGraaf