I'm trying to transparent-proxy a device from my router. The iptables rules look like this:
{iptables | ip6tables} -t mangle -A PREROUTING -m mac --mac-source <mac_address> -p {tcp | udp} -j TPROXY --on-port 60080 --tproxy-mark 0x1
How can I exclude the traffic destined for the router, so the device can access the router in general? (The device can't obtain an IP with this rule; also, I have a DNS resolver on the router.)
For IPv4, I can use the NAT IP of the router, e.g. ! -d 192.168.1.1
But in IPv6, the br-lan interface only has a public IP address.
I tried --out-interface but it can't be used in PREROUTING.
I also tried --destination 'br-lan' but it says br-lan is a bad argument.
On a related note:
ip -6 route add local default dev lo table 100
doesn't show up when I try
ip -6 route show table 100
but it's in
ip -6 route show table all
I'm not sure if this means it's not working... on Ubuntu PC table 100 does show the route.