firewall content filter bug?

2.9.6 - believe to have same issue on newest.

I think I have run into a NAT / rule matching bug…

I can set up this MANGLE rule to add packets to an address list and it works perfectly:

9 ;;; IP.ASP queries
chain=forward dst-address=X.Y.Z.40 protocol=tcp dst-port=80
content=/ip.asp action=add-src-to-address-list address-list=ipquery
address-list-timeout=1m

but I cannot add the exact same rule under NAT and match anything.

13 ;;; IP.ASP redirect
chain=dstnat dst-address=X.Y.Z.40 protocol=tcp dst-port=80
content=/ip.asp action=dst-nat to-addresses=X.Y.Z.41
to-ports=0-65535

I’m guessing either the CONTENT field is ignored or is never matching anything. I realize that not performing NAT on all packets that are part of the connection will be a problem but I think the above bug still needs to be looked at.

Sam

Hmmm. If I am not mistaken, NAT works only with connection-state=new packets; maybe the “new” packets don’t have the information you are looking for?

P.S. Why are you using this type of configuration?
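A small model of the behaviour the reply describes, written here as an added example (it is not code from the thread or from RouterOS): a simplified connection tracker hands the dstnat chain only the first packet of a connection, while the mangle forward chain evaluates every packet. The client address, the packet flow and the matching function are constructed for the illustration; the first packet of a TCP connection is a bare SYN and carries no HTTP payload, so a content= match can never succeed there.

```python
from dataclasses import dataclass, field

@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    flags: str            # TCP flags, e.g. "SYN", "ACK", "PSH/ACK"
    payload: bytes = b""  # TCP payload; empty on the handshake packets

@dataclass
class ConnTracker:
    """Minimal stand-in for conntrack: first packet of a flow is 'new'."""
    seen: set = field(default_factory=set)

    def state(self, pkt):
        key = (pkt.src, pkt.dst, pkt.dport)
        if key in self.seen:
            return "established"
        self.seen.add(key)
        return "new"

def rule_matches(pkt, dst, dport, content):
    """The dst-address / dst-port / content= part of the two rules in the post."""
    return pkt.dst == dst and pkt.dport == dport and content in pkt.payload

def run(packets):
    """Return (ipquery address list, number of dstnat hits) for a packet stream."""
    tracker = ConnTracker()
    ipquery = set()
    dstnat_hits = 0
    for pkt in packets:
        state = tracker.state(pkt)
        # dstnat chain: only the first packet of a connection is evaluated
        if state == "new" and rule_matches(pkt, "X.Y.Z.40", 80, b"/ip.asp"):
            dstnat_hits += 1
        # mangle forward chain: every packet of the connection is evaluated
        if rule_matches(pkt, "X.Y.Z.40", 80, b"/ip.asp"):
            ipquery.add(pkt.src)
    return ipquery, dstnat_hits

# constructed sample: client 10.0.0.5 opens an HTTP connection to X.Y.Z.40
SAMPLE_FLOW = [
    Packet("10.0.0.5", "X.Y.Z.40", 80, "SYN"),
    Packet("10.0.0.5", "X.Y.Z.40", 80, "ACK"),
    Packet("10.0.0.5", "X.Y.Z.40", 80, "PSH/ACK", b"GET /ip.asp HTTP/1.1\r\n"),
]

if __name__ == "__main__":
    print(run(SAMPLE_FLOW))  # ({'10.0.0.5'}, 0): mangle fires, dstnat never does
```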