
I'm trying to implement the solution to this question to edit packets coming from my server but I'm having trouble getting the IPTables rules correct.

I'm using a VPS with an external-facing IP to forward traffic to a local server via a WireGuard tunnel, and I want to edit some of the response packets sent by the local server when it is accessed by any external host. However, the REDIRECT rule (number 4) only works for connections initiated by my server (I can see these being examined by netsed), not for responses sent when connections are initiated by an external host.

Can anyone help point to what I'm doing wrong?

(1) iptables -I FORWARD -d <server IP> -m comment --comment "Accept to forward traffic" -m tcp -p tcp --dport <server port> -j ACCEPT
(2) iptables -I FORWARD -m comment --comment "Accept to forward return traffic" -s <server IP> -m tcp -p tcp --sport <server port> -j ACCEPT
(3) iptables -t nat -I PREROUTING -m tcp -p tcp --dport <server port> -m comment --comment "redirect packets to server" -j DNAT --to-destination <server IP>:<server port>

(4) iptables -t nat -I PREROUTING -s <server IP> -p tcp -j REDIRECT --to 10101

netsed tcp 10101 0 0 s/<original text>/<replacement text>

(for <server IP> in the IPTables rules I am using the WireGuard interface address)

DavidM

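As an added illustration that is not part of the question or any answer, a small Python model of netfilter behaviour with constructed addresses: the nat table is consulted only for a flow's first packet, so a PREROUTING REDIRECT keyed on the server's source address fires for server-initiated connections but never sees the server's replies to externally initiated ones, whose translation was already fixed by the DNAT entry.

```python
from dataclasses import dataclass
# Constructed stand-ins for the post's <server IP> / <server port> placeholders.
SERVER_IP, SERVER_PORT = "10.0.0.2", 8080        # local server, reached over the wg tunnel
VPS_IP, EXT_IP = "203.0.113.5", "198.51.100.7"   # VPS public address, external client
NETSED_PORT = 10101                              # netsed listener from the post

@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int

def key(p):
    return (p.src, p.sport, p.dst, p.dport)

def nat_prerouting(p):
    """nat PREROUTING as loaded with -I: rule (4) sits above rule (3)."""
    if p.src == SERVER_IP:               # (4) -s <server IP> -j REDIRECT --to 10101 (toy: port only)
        return Pkt(p.src, p.sport, p.dst, NETSED_PORT), "REDIRECT"
    if p.dport == SERVER_PORT:           # (3) --dport <server port> -j DNAT
        return Pkt(p.src, p.sport, SERVER_IP, SERVER_PORT), "DNAT"
    return p, "no nat rule matched"

class Conntrack:
    """Only a flow's first packet traverses the nat table; the rest reuse its mapping."""
    def __init__(self):
        self.orig, self.reply = {}, {}

    def handle(self, p):
        if key(p) in self.orig:
            return Pkt(*self.orig[key(p)]), "established: nat table skipped"
        if key(p) in self.reply:
            return Pkt(*self.reply[key(p)]), "reply direction: nat table skipped"
        out, rule = nat_prerouting(p)    # new flow: nat PREROUTING consulted once
        self.orig[key(p)] = key(out)
        # Replies to the translated destination are mapped back to what the client used.
        self.reply[(out.dst, out.dport, out.src, out.sport)] = (p.dst, p.dport, p.src, p.sport)
        return out, rule

def external_client_flow():   # external host -> VPS, then the server's reply
    ct = Conntrack()
    _, first = ct.handle(Pkt(EXT_IP, 40000, VPS_IP, SERVER_PORT))
    reply, second = ct.handle(Pkt(SERVER_IP, SERVER_PORT, EXT_IP, 40000))
    return first, second, reply.src, reply.dport

def server_initiated_flow():  # server -> external host: first packet has -s <server IP>
    out, rule = Conntrack().handle(Pkt(SERVER_IP, 50000, EXT_IP, 443))
    return rule, out.dport
```

The model ignores the real REDIRECT's address rewrite and conntrack timeouts; it only shows which packets ever reach the nat PREROUTING rules.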