Thanks a lot for your help Tushar, we've found a way to intercept outgoing packets in userlevel.
This is our configuration:

- box running click and a server program on port 5001 (using tcp), one interface: eth1, ip address: 192.168.1.4
- box running client program, connecting to server ip but with a random port, say 6423. ip address: 192.168.1.5

So, as I wrote earlier, using IPRewriter to modify the destination port to 5001 and using KernelTun(192.0.0.1/8) as you suggested, we were able to send the packets up to the application.

Our problem was that the application would reply to the SYN packets with SYN/ACKs containing 5001 as a source port, which would then be rejected by the client program since it was expecting 6423. Trying to intercept packets going to the client using the output port of KernelTun wasn't working because the destination IP of these packets was on the same network as the server and would then be routed by the "192.168.1.0/24 eth1" entry in our Linux routing table and not the "192.0.0.0/8 tun".

So what we did was delete the 1st route, and make the tunnel created by KernelTun the default route. This allowed us to intercept packets in click. We then forward them to the IPRewriter element and use output 1 for the reverse mapping. We then use ToDevice to send the packets to the client and it works, the TCP connection gets created successfully.

Hope this can help you, although your configuration seemed different from ours. Thanks again for your input.

Bayani Carbone
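The routing behaviour and port mapping described in the message above, modelled as an added example that is not part of the original post and is not Click code: `lookup` applies longest-prefix match to the two route tables, and `PortRewriter` is a toy stand-in for the forward and reverse mapping. The client source port 40000 and all function and class names are assumptions.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match over (prefix, device) pairs; returns the device or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), dev) for p, dev in routes
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

# Route tables from the post: before and after deleting the /24 entry
# and making the tunnel the default route.
ROUTES_BEFORE = [("192.168.1.0/24", "eth1"), ("192.0.0.0/8", "tun")]
ROUTES_AFTER = [("192.0.0.0/8", "tun"), ("0.0.0.0/0", "tun")]

class PortRewriter:
    """Toy model: rewrite the destination port inbound, restore it on replies."""

    def __init__(self, server_port):
        self.server_port = server_port
        self.flows = {}  # rewritten flow (src, sport, dst, dport) -> original dport

    def forward(self, src, sport, dst, dport):
        # Client -> server: the application only listens on server_port.
        flow = (src, sport, dst, self.server_port)
        self.flows[flow] = dport
        return flow

    def reverse(self, src, sport, dst, dport):
        # Server -> client: find the forward flow this packet answers.
        orig_port = self.flows.get((dst, dport, src, sport))
        if orig_port is None:
            return None  # no mapping: packet was not part of a rewritten flow
        # Put back the port the client originally connected to.
        return (src, orig_port, dst, dport)

if __name__ == "__main__":
    client, server = "192.168.1.5", "192.168.1.4"
    # Replies to the client leave via eth1 until the /24 route is removed.
    print(lookup(ROUTES_BEFORE, client), lookup(ROUTES_AFTER, client))
    rw = PortRewriter(5001)
    print(rw.forward(client, 40000, server, 6423))   # SYN, constructed
    print(rw.reverse(server, 5001, client, 40000))   # SYN/ACK, constructed
```

With the /24 route present, the more specific prefix wins over 192.0.0.0/8, so the SYN/ACK never reaches the tunnel and keeps source port 5001.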
