The iptables rules must be interface-specific. The dpt:80 rule must apply only to packets arriving on the client-side interface, and the spt:80 must apply only to packets arriving on the origin-side interface.
Thursday, June 7, 2012, 10:14:13 AM, you wrote:

> I flushed the iptables. This is what I have added to my iptables. I have the
> eth1 interface of TS1 to the client and eth2 to the webserver routed as
> default gateway.
> Table: mangle
> Chain PREROUTING (policy ACCEPT)
> num target prot opt source destination
> 1 MARK tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:80
> MARK or 0x1
> 2 TPROXY tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
> TPROXY redirect 0.0.0.0:8080 mark 0x1/0x1
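
Added example, not part of the original messages: a small audit that reads mangle PREROUTING rule lines and reports any port-80 rule that is unbound or bound to the wrong interface. It assumes eth1 is the client side and eth2 the origin side, as in the quoted message; the helper name audit_tproxy and both sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit mangle PREROUTING rules for interface binding.
# Assumption from the quoted message: eth1 faces the client, eth2 the origin.

# Constructed rule lines equivalent to the quoted listing (no -i on either).
SAMPLE_UNBOUND='-A PREROUTING -p tcp -m tcp --sport 80 -j MARK --or-mark 0x1
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 8080 --tproxy-mark 0x1/0x1'

# Constructed rule lines with each match bound to its arrival interface.
SAMPLE_BOUND='-A PREROUTING -i eth2 -p tcp -m tcp --sport 80 -j MARK --or-mark 0x1
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j TPROXY --on-port 8080 --tproxy-mark 0x1/0x1'

# audit_tproxy CLIENT_IF ORIGIN_IF  (hypothetical helper; rules on stdin)
# Prints one finding per port-80 rule that is unbound or bound to the wrong
# interface. Exit status is 1 if there was any finding, otherwise 0.
audit_tproxy() {
    awk -v cif="$1" -v oif="$2" '
    $1 == "-A" && $2 == "PREROUTING" {
        inif = ""; want = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-i" || $i == "--in-interface") inif = $(i + 1)
            if ($i == "--dport" && $(i + 1) == "80") want = cif  # client request
            if ($i == "--sport" && $(i + 1) == "80") want = oif  # origin reply
        }
        if (want == "") next
        if (inif == "") {
            printf "rule %d: no -i match, expected -i %s\n", NR, want; bad = 1
        } else if (inif != want) {
            printf "rule %d: -i %s, expected -i %s\n", NR, inif, want; bad = 1
        }
    }
    END { exit bad + 0 }'
}

echo "unbound rules:"
printf '%s\n' "$SAMPLE_UNBOUND" | audit_tproxy eth1 eth2 || echo "=> fix needed"
echo "bound rules:"
printf '%s\n' "$SAMPLE_BOUND" | audit_tproxy eth1 eth2 && echo "=> ok"
```

On a live system the same function can be fed the output of `iptables -t mangle -S PREROUTING`, which prints rules in this `-A PREROUTING ...` form.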
