IP Tables, Packet Changin

[zhackwyatt]

Hello all,

I want to intercept a packet, Change the data, source IP and Destination IP and then send it on its way again. How do I do this?

Currently I am intercepting the packet on the Filter/Input Table/Chain. Then I change the data, the source IP, and destination IP and then do a NF_Accept on it. However, the packet never shows up at the destination. What am I doing wrong here? Do I have to drop the packet and then generate a completely new packet w/ my desired contents?

Thanks for any help.

[Lazydog]

Look at PREROUTE and POSTROUTE.

http://iptables.rlworkman.net/chunkyhtml/index.html

[zhackwyatt]

Look at PREROUTE and POSTROUTE.

http://iptables.rlworkman.net/chunkyhtml/index.html

That's just purely doing it in iptables though. I need it in C. Maybe this will help:

Code:

/sbin/iptables --insert INPUT 1 --in-interface eth+ -s 192.168.20.50 -j QUEUE
/sbin/iptables --insert INPUT 1 --in-interface eth+ -s 192.168.100.2 -j QUEUE

Code:

m = ipq_get_packet(buf);

iph = (struct ip *) m->payload;

iph->ip_src.s_addr = inet_addr("192.168.100.1");
iph->ip_dst.s_addr = inet_addr("192.168.100.2");
iph->ip_sum = csum((unsigned short*) iph, sizeof(struct iphdr));

status = ipq_set_verdict(h, m->packet_id, NF_ACCEPT, m->data_len, m->payload);

However, when I do the NF_ACCEPT, it never shows up at the other end.

Is this because at that point the kernel sees this packet is not for it and just drops it? As a workaround, I currently drop the packet and generate a new one w/ the modified contents. It just seems to me that there might be a more efficient way. I could be wrong though.

Thanks for the reply.

[Lazydog]

I can help you out with IPTABLES setup but not with what you are trying to do. Sorry.