Hey Guys,
This is pretty convoluted. 10 points to anyone who is able to comprehend what it is that I'm trying to achieve, and many more to anyone with a solution :P
The Story:
I've set up a shell in order to SSH tunnel gaming traffic (specifically World of Warcraft... I hear some of you groan!) from New Zealand to West Coast WoW servers. For whatever reason this seems to negate a large chunk of latency and commonly reduces my ping by 100-200 ms. I have also read a bit about the way the application uses ACK packets, or rather the lack of them. By introducing the NODELAY flag on a TCP stream it seems the latency can be reduced further. The article I reference is here, for anyone interested:
http://forums.worldofwarcraft.com/th...71071466&sid=1.
It seems this can be achieved by using both a DNAT (masquerading under iptables) and a network Swiss army knife of sorts, named socat. By using a DNAT you can redirect any traffic on WoW's port (TCP 3724) through to socat, which runs as a daemon on that port, introduces the NODELAY, and sends it on to the WoW server.
My problem is this: the Linux machine I'm using is not my gateway. All traffic is tunnelled via SSH to this machine. I understand DNAT is performed on the ingress interface. My SSH traffic passes through this interface and arrives on the system; I then need it to be DNAT'd through to socat listening on 3724.
The command used is this:
iptables -t nat -A PREROUTING -p tcp -d your.wow.server.ip.address --dport 3724 -j REDIRECT --to-ports 3724
The problem I see is that this would only occur when the outside interface sees traffic on 3724 to dest your.wow.server.ip.address. When the traffic is bundled up in an SSH stream, decrypted and forwarded, it misses this NAT altogether, something which needs to occur in order for the system to work.
Currently, the SSHD port forwards all my WoW traffic back out to its destination without doing the DNAT that I need it to do.
The Question
Is there any way to have SSH traffic, once it has been decrypted by the SSHD, pass through the whole iptables 'system', as if it were a clear-text packet which had arrived on the outside?
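An added worked example, not part of the original post and not the poster's own setup, of how this is usually solved. The connections sshd opens on behalf of a -L/-D forward are locally originated on the shell box, so they never traverse nat/PREROUTING (that chain only sees packets arriving on an interface); they traverse nat/OUTPUT instead, which is where the REDIRECT has to go. The realm address 203.0.113.10 (a documentation placeholder), the dedicated user "socat" that only the relay runs as, and the environment variable names are assumptions of this example; the owner match is needed because socat's own outbound connection to the realm would otherwise match the same rule and loop back into socat.

```shell
#!/bin/sh
# Added example: redirect sshd-forwarded WoW traffic into a local socat
# relay that sets TCP_NODELAY on both legs. Values below are hypothetical.
set -eu

WOW_SERVER="${WOW_SERVER:-203.0.113.10}"   # placeholder (TEST-NET-3); use the real realm IP
WOW_PORT="${WOW_PORT:-3724}"
SOCAT_USER="${SOCAT_USER:-socat}"          # assumed unprivileged account that only runs socat

# nat/OUTPUT, not nat/PREROUTING: the forwarded connection is created by sshd
# on this host, so it is a locally originated packet. REDIRECT on OUTPUT sends
# it to 127.0.0.1:WOW_PORT, where socat listens. The owner match keeps socat's
# own connection to the realm from being redirected back into socat (a loop).
nat_redirect_rule() {
    printf 'iptables -t nat -A OUTPUT -p tcp -d %s --dport %s -m owner ! --uid-owner %s -j REDIRECT --to-ports %s\n' \
        "$WOW_SERVER" "$WOW_PORT" "$SOCAT_USER" "$WOW_PORT"
}

# The relay: listen only on loopback (REDIRECT of local packets lands there),
# fork per client, and set nodelay on both the accepted and the outbound socket.
socat_command() {
    printf 'socat TCP-LISTEN:%s,bind=127.0.0.1,reuseaddr,fork,nodelay TCP:%s:%s,nodelay\n' \
        "$WOW_PORT" "$WOW_SERVER" "$WOW_PORT"
}

# Apply for real (needs root). Start the relay first so the redirect never
# points at a closed port, then add the rule and show its counters.
apply() {
    [ "$(id -u)" -eq 0 ] || { echo "apply needs root" >&2; return 1; }
    su -s /bin/sh "$SOCAT_USER" -c "$(socat_command)" &
    sleep 1
    eval "$(nat_redirect_rule)"
    # Check: the pkts/bytes counters on this rule climb while the game runs;
    # the original PREROUTING rule's counters stay at zero for tunnelled traffic.
    iptables -t nat -L OUTPUT -v -n | grep REDIRECT
}

case "${1:-show}" in
    apply) apply ;;
    *)     nat_redirect_rule; socat_command ;;   # dry run: just print the commands
esac
```

Run it without arguments to see the two commands, or as root with "apply" to install them. If the forward is set up with "-L 3724:your.wow.server.ip.address:3724" the destination sshd connects to is the realm IP, which is exactly what the OUTPUT rule matches on; a SOCKS (-D) forward behaves the same way since sshd still originates the outbound connection.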