Iptables/nftables on openwrt
How to make the packets that pass through the output chain and are looped back to the local machine by the loopback network card skip the rules of the prerouting chain?
Why do I need this?
I want my router (OpenWrt) to act as a transparent proxy. It will proxy traffic whose destination IP is in a set of CIDR IP ranges while leaving other traffic untouched. It will proxy all qualifying traffic from the LAN or from itself.
The proxy process listens on a port, assuming 9876, and it sets IP_TRANSPARENT on the socket it is listening on. This means I have to use tproxy on my firewall to redirect traffic to it.
I think I need to set IP-based rules on both the prerouting and output chains. This helps me rule out traffic which is not in the CIDR set.
Traffic that comes from the router itself will first pass through the output chain and then be looped back to the local machine by the loopback network card so it can be delivered to the local proxy process. This means these packets go through the same rules in the prerouting chain again, which seems unnecessary.
How can I avoid this?
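An added example (not part of the original post) of the usual way this is handled with nftables: the output chain evaluates the CIDR set once and sets a firewall mark, policy routing sends marked packets to lo, and the prerouting chain matches the mark first and jumps straight to tproxy without evaluating the set again. Assumptions not in the question: the proxy listens on TCP and UDP port 9876, it runs as a local user named "proxy" (used to keep its own upstream connections out of the loop), mark value 0x1 and routing table 100 are arbitrary, and the CIDRs are constructed placeholders.

```nft
# Added example, not from the original post. Assumptions: proxy listens on
# TCP/UDP 9876 with IP_TRANSPARENT, runs as user "proxy", mark 0x1 and
# routing table 100 are arbitrary choices, CIDRs below are placeholders.
#
# Policy routing that delivers marked packets to lo (run outside nft):
#   ip rule add fwmark 0x1 lookup 100
#   ip route add local 0.0.0.0/0 dev lo table 100

table inet tproxy {
    set proxy_cidrs {
        type ipv4_addr
        flags interval
        elements = { 203.0.113.0/24, 198.51.100.0/24 }  # constructed sample set
    }

    chain output {
        type route hook output priority mangle; policy accept;
        # The proxy's own upstream connections must not be looped back,
        # otherwise they would be proxied again (assumes proxy runs as "proxy").
        meta skuid "proxy" return
        # Router-originated traffic to a proxied CIDR: the set is evaluated
        # here, once. The mark makes policy routing send it to lo and tells
        # prerouting that the decision has already been made.
        meta l4proto { tcp, udp } ip daddr @proxy_cidrs meta mark set 0x1
    }

    chain prerouting {
        type filter hook prerouting priority mangle; policy accept;
        # Packets marked in output arrive on lo with the mark intact: skip
        # the CIDR lookup and hand them straight to the transparent socket.
        iifname "lo" meta mark 0x1 meta l4proto { tcp, udp } tproxy to :9876 accept
        # Any other loopback traffic is plain local traffic; leave it alone.
        iifname "lo" return
        # LAN traffic: evaluate the set once, mark it so the local route
        # table applies, and redirect to the proxy.
        meta l4proto { tcp, udp } ip daddr @proxy_cidrs meta mark set 0x1 tproxy to :9876 accept
    }
}
```

The point of the `iifname "lo" meta mark 0x1` rule being first is that the mark set by the output chain survives the trip through the loopback interface, so prerouting can treat it as "already classified" and only the LAN rule below it consults the set. Without the `meta skuid "proxy" return` (or an equivalent exclusion such as a socket mark set by the proxy) the proxy's outbound connections to the same CIDRs would be marked and looped back into itself.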