I'm trying to implement a transparent proxy that will intercept outgoing connections and forward them to their destination afterwards. I have found this iptables tproxy rule:
sudo iptables -t mangle -A PREROUTING -p tcp --dport 9002 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 9001
to divert an outgoing connection destined for port 9002 to my proxy application listening on port 9001. This works well, and my proxy receives the connection when a local client tries to connect to a local server as:
./client 127.0.0.1 9002
My proxy application then accesses the original ip:port information (which is 127.0.0.1:9002 in this case) by setting the SOL_IP property as:
setsockopt(socketfd, SOL_IP, IP_TRANSPARENT, &yes, sizeof(yes));
However, when the client tries to connect to a remote server (./client remote_ip 9002) listening on port 9002, my proxy application does not get the connection. I think I need to use tproxy, as otherwise my proxy application cannot learn the real destination of this connection, which is necessary to forward the connection.
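The following is an added example, not the asker's code, of a minimal TPROXY listener in C that accepts a diverted connection and recovers the address the client actually dialled. Two points it illustrates: IP_TRANSPARENT must be set on the listening socket (with CAP_NET_ADMIN) so the kernel will hand it packets whose destination is not a local address, and because TPROXY does not rewrite the packet, getsockname() on the accepted socket returns the original destination (for example remote_ip:9002). It also spells out, in the comment header, the routing assumed around the asker's PREROUTING rule: locally originated connections to a remote server never traverse PREROUTING, so they have to be marked in the mangle OUTPUT chain and steered through a policy route that delivers them locally; the `proxyuser` owner exclusion and table number 100 are placeholders chosen here.

```c
/* Added example (not the asker's code): minimal TPROXY listener that recovers
 * the original destination of each intercepted TCP connection.
 *
 * Assumed setup (run as root; nothing below is from the original post except
 * the PREROUTING rule):
 *   iptables -t mangle -A PREROUTING -p tcp --dport 9002 \
 *       -j TPROXY --tproxy-mark 0x1/0x1 --on-port 9001
 *   ip rule add fwmark 1 lookup 100
 *   ip route add local 0.0.0.0/0 dev lo table 100
 *   # Locally generated traffic skips PREROUTING; mark it in OUTPUT so the
 *   # policy route above loops it through lo, where the TPROXY rule matches.
 *   # The owner match keeps the proxy's own upstream connections (run as the
 *   # placeholder user "proxyuser") out of the loop.
 *   iptables -t mangle -A OUTPUT -p tcp --dport 9002 \
 *       -m owner ! --uid-owner proxyuser -j MARK --set-mark 1
 */
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Render an IPv4 sockaddr as "a.b.c.d:port"; returns buf, or NULL on bad input
 * or truncation. */
char *format_endpoint(const struct sockaddr_in *sa, char *buf, size_t len)
{
    char ip[INET_ADDRSTRLEN];
    if (sa->sin_family != AF_INET) return NULL;
    if (!inet_ntop(AF_INET, &sa->sin_addr, ip, sizeof ip)) return NULL;
    if ((size_t)snprintf(buf, len, "%s:%u", ip, ntohs(sa->sin_port)) >= len) return NULL;
    return buf;
}

/* Listening socket that a TPROXY --on-port rule can target. IP_TRANSPARENT on
 * the LISTENER (requires CAP_NET_ADMIN) is what lets the kernel deliver packets
 * addressed to a non-local destination to this socket. Returns fd or -1. */
int make_tproxy_listener(uint16_t port)
{
    int yes = 1;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof yes) < 0 ||
        setsockopt(fd, SOL_IP, IP_TRANSPARENT, &yes, sizeof yes) < 0)
        goto fail;
    struct sockaddr_in addr = { .sin_family = AF_INET,
                                .sin_port = htons(port),
                                .sin_addr.s_addr = htonl(INADDR_ANY) };
    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) < 0 || listen(fd, 128) < 0)
        goto fail;
    return fd;
fail:
    close(fd);
    return -1;
}

/* Original destination of an accepted TPROXY connection. TPROXY does not NAT,
 * so the accepted socket's own local address (getsockname) is exactly what the
 * client dialled, e.g. remote_ip:9002. (With REDIRECT one would need
 * SO_ORIGINAL_DST instead.) Returns 0 on success, -1 on error. */
int original_destination(int conn_fd, struct sockaddr_in *dst)
{
    socklen_t len = sizeof *dst;
    return getsockname(conn_fd, (struct sockaddr *)dst, &len);
}

/* Upstream leg to the real destination, using the proxy host's own address.
 * (Spoofing the client's source on this leg would need IP_TRANSPARENT plus a
 * bind() to the client address; omitted here.) Returns fd or -1. */
int connect_upstream(const struct sockaddr_in *dst)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (connect(fd, (const struct sockaddr *)dst, sizeof *dst) < 0) { close(fd); return -1; }
    return fd;
}

int main(void)
{
    int lfd = make_tproxy_listener(9001);
    if (lfd < 0) { perror("listener (root/CAP_NET_ADMIN needed)"); return 1; }
    for (;;) {
        struct sockaddr_in peer, dst;
        socklen_t plen = sizeof peer;
        char a[64], b[64];
        int cfd = accept(lfd, (struct sockaddr *)&peer, &plen);
        if (cfd < 0) { perror("accept"); continue; }
        if (original_destination(cfd, &dst) != 0) { perror("getsockname"); close(cfd); continue; }
        printf("client %s -> original destination %s\n",
               format_endpoint(&peer, a, sizeof a), format_endpoint(&dst, b, sizeof b));
        int ufd = connect_upstream(&dst);
        if (ufd < 0) perror("upstream connect");
        /* A real proxy relays bytes between cfd and ufd here (poll/splice). */
        if (ufd >= 0) close(ufd);
        close(cfd);
    }
}
```

Run it as root (or with CAP_NET_ADMIN) on the host where the client runs; with the OUTPUT mark rule in place, `./client remote_ip 9002` lands on port 9001 and the printed original destination is remote_ip:9002. If the OUTPUT rule is omitted, only connections that arrive via PREROUTING (loopback, or forwarded traffic from other hosts) reach the proxy, which matches the behaviour described in the question.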