Is it possible to route packet from Postrouting back to Prerouting?

Chris

5/16/24, 2:17 AM

I am wondering if I can mark TCP and UDP packets with DSCP, then at Postrouting, if a packet has certain DSCP marking, it will be rerouted back to Prerouting.

The reason I am doing this is because I am running a transparent proxy, and UDP packet has to be routed to the Tproxy in the mangle table Prerouting chain. There are certain rules in filter table that I want to be applied before the packet goes to the transparent proxy. I am imaging a solution where I can mark these packets with DSCP first, let the filter table rules take place, then in the Postrouting chain, change DSCP mark, reroute it back to Prerouting, match the new DSCP mark and send it to the Tproxy.

Edit: sorry if my way of phrasing it makes anyone confusing. The problem I am trying to solve is that:

tproxy only works in mangle table;
I have rules in filter table (match dest IP and drop packet) and the rules have to be in the filter table because the Openwrt luci webui works in that way, I can't change it.
If a packet goes into tproxy, the rules in filter does not work anymore.

What should I do if I want to apply rules in filter table first then send packet into tproxy?

0 + 4

iptables

transparent-proxy

A.B

5/16/24, 12:07 PM

Why don't you apply the rules in prerouting instead? All this will stay very fuzzy until you describe the final goal (not its implementation) and also what rule you want to use and why you can't use it in prerouting. If iptables appears too restrictive for this, consider nftables too.

A.B

5/18/24, 11:46 AM

I still don't understand what's the problem to solve (it looks like you're describing your idea Y of solving problem X: [What is the XY problem?](https://meta.stackexchange.com/questions/66377/what-is-the-xy-problem)). For example there are ways to predict an outgoing interface while still in prerouting (using nftables), but I can't know what you want to solve.

A.B

5/18/24, 11:48 AM

And if there is useful information to add, it should be added in the question, not as comment.

Chris

5/19/24, 12:20 PM

Sorry for the confusion, I have edited the question.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Is it possible to route packet from Postrouting back to Prerouting?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.