Hi,

Here is what I am trying to do:
1) Use a libipq userspace program to intercept packets coming in on port 80 through eth0
2) Have the userspace program compare the MAC address of the packet to a list (reading a text file each time)
3) If the packet is in the list, let it continue on its way to apache, which is running on this box
4) If the packet is not on the list, somehow redirect it to another webserver (a different box) through a second ethernet device (eth1)
Here is what I have:
1) A program that is able to do steps 1-3 above
2) It tries to change the destination address of the ip and tcp headers, and recalculates the checksums for each (using that neat little csum_partial from the various tools)
3) Re-injects the altered packet with NF_ACCEPT
4) Nothing gets redirected, but apache on this server gets it as though nothing happened
I've read the various netfilter how-tos and the libipq man pages, and tried searching the net. I get the feeling that there is something about how I am trying to approach this that's just wrong. Should I be using the mangle table instead of the filter table? Do I need to alter more than the destination address for the ip and tcp headers? Am I barking up the wrong tree?
Any suggestions or direction would be greatly appreciated.
Iman Mayes
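An added example, not code from the original post: a stand-alone C program showing what rewriting the IPv4 destination of a queued TCP packet involves. The TCP checksum is computed over a pseudo-header that includes the destination address, so changing the IP destination means recomputing both the IP and the TCP checksum, and the example verifies both before and after the rewrite. The packet in build_sample_packet() is constructed, not captured; its addresses, ports and the new destination are placeholders. Two assumptions about the surrounding setup are stated in comments rather than implemented: with libipq the modified buffer only reaches the kernel if it is passed back through the data_len/buf arguments of ipq_set_verdict() (passing 0 and NULL re-injects the original packet), and a verdict continues from the hook the packet was queued at, so a destination rewritten on a packet queued from INPUT is not re-routed, because the routing decision has already been made; PREROUTING in the mangle table runs before that decision.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Network-byte-order accessors on a raw packet buffer (no struct aliasing). */
static uint16_t get16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t get32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void put32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v;
}

/* One's-complement sum of 16-bit words, accumulated in 32 bits; an odd trailing
 * byte is taken as the high half of a final word, as the RFCs specify. */
static uint32_t csum_add(uint32_t sum, const uint8_t *data, size_t len)
{
    size_t i;
    for (i = 0; i + 1 < len; i += 2)
        sum += get16(data + i);
    if (len & 1)
        sum += (uint32_t)data[len - 1] << 8;
    return sum;
}

/* Fold carries back in and complement; over a valid header/segment this yields 0. */
static uint16_t csum_fold(uint32_t sum)
{
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* TCP pseudo-header (src, dst, zero, protocol, TCP length) plus the whole segment. */
static uint32_t tcp_pseudo_sum(const uint8_t *ip, size_t ihl, size_t tcp_len)
{
    uint8_t pseudo[12];
    memcpy(pseudo, ip + 12, 8);
    pseudo[8] = 0;
    pseudo[9] = ip[9];
    put16(pseudo + 10, (uint16_t)tcp_len);
    return csum_add(csum_add(0, pseudo, sizeof pseudo), ip + ihl, tcp_len);
}

int ip_checksum_ok(const uint8_t *ip, size_t ihl) { return csum_fold(csum_add(0, ip, ihl)) == 0; }
int tcp_checksum_ok(const uint8_t *ip, size_t ihl, size_t tcp_len)
{
    return csum_fold(tcp_pseudo_sum(ip, ihl, tcp_len)) == 0;
}

/* Rewrite the IPv4 destination in place and recompute both checksums.
 * Returns 0 on success, -1 for anything that is not an unfragmented IPv4/TCP
 * packet (fragments must be reassembled first: the TCP checksum covers the
 * whole segment, not just the bytes in the first fragment). */
int rewrite_dst(uint8_t *pkt, size_t len, uint32_t new_daddr)
{
    size_t ihl, tot_len, tcp_len;
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    ihl = (size_t)(pkt[0] & 0x0f) * 4;
    tot_len = get16(pkt + 2);
    if (ihl < 20 || tot_len > len || tot_len < ihl + 20) return -1;
    if (pkt[9] != 6 || (get16(pkt + 6) & 0x3fff) != 0) return -1; /* TCP only, no MF/offset */
    tcp_len = tot_len - ihl;

    put32(pkt + 16, new_daddr);
    put16(pkt + 10, 0);                          /* IP checksum over the header, field zeroed */
    put16(pkt + 10, csum_fold(csum_add(0, pkt, ihl)));
    put16(pkt + ihl + 16, 0);                    /* TCP checksum: pseudo-header includes daddr */
    put16(pkt + ihl + 16, csum_fold(tcp_pseudo_sum(pkt, ihl, tcp_len)));
    return 0;
}

/* Constructed sample (not captured traffic): 10.0.0.2:40000 -> 10.0.0.1:80 carrying
 * an HTTP request line. Returns the packet length, or 0 if the buffer is too small. */
size_t build_sample_packet(uint8_t *buf, size_t cap)
{
    static const char payload[] = "GET / HTTP/1.0\r\n\r\n";
    size_t plen = sizeof payload - 1, len = 40 + plen;
    if (cap < len) return 0;
    memset(buf, 0, len);
    buf[0] = 0x45;  put16(buf + 2, (uint16_t)len);  put16(buf + 4, 0x1234);
    put16(buf + 6, 0x4000);  buf[8] = 64;  buf[9] = 6;          /* DF, TTL 64, TCP */
    put32(buf + 12, 0x0a000002u);  put32(buf + 16, 0x0a000001u);
    put16(buf + 20, 40000);  put16(buf + 22, 80);
    put32(buf + 24, 0x11223344u);  put32(buf + 28, 0x55667788u);
    buf[32] = 0x50;  buf[33] = 0x18;  put16(buf + 34, 65535);  /* doff 5, PSH|ACK */
    memcpy(buf + 40, payload, plen);
    put16(buf + 10, csum_fold(csum_add(0, buf, 20)));
    put16(buf + 36, csum_fold(tcp_pseudo_sum(buf, 20, 20 + plen)));
    return len;
}

int main(void)
{
    uint8_t pkt[128];
    size_t len = build_sample_packet(pkt, sizeof pkt);
    printf("before: dst=%08x ip_ok=%d tcp_ok=%d\n", (unsigned)get32(pkt + 16),
           ip_checksum_ok(pkt, 20), tcp_checksum_ok(pkt, 20, len - 20));
    if (rewrite_dst(pkt, len, 0x0a000105u) != 0)   /* placeholder new destination 10.0.1.5 */
        return 1;
    printf("after:  dst=%08x ip_ok=%d tcp_ok=%d\n", (unsigned)get32(pkt + 16),
           ip_checksum_ok(pkt, 20), tcp_checksum_ok(pkt, 20, len - 20));
    /* In a libipq loop the rewritten buffer would now be returned with
     * ipq_set_verdict(h, m->packet_id, NF_ACCEPT, len, pkt); the verdict resumes
     * at the hook the packet was queued from (assumption stated in the lead-in). */
    return 0;
}
```

The verifiers recompute the checksum with the stored field left in place and expect a folded result of 0, which is the same check the receiving stack performs; flipping any payload byte makes tcp_checksum_ok() fail, so a rewrite that forgot the pseudo-header would be caught before the packet is handed back.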