Quoting from the official kernel doc: http://www.cyberciti.biz/files/linux...ing/tproxy.txt
Transparent proxying involves "intercepting" traffic on a router. This is done with the iptables REDIRECT NAT target; however, there are serious limitations of that method. One of the major issues is that it actually modifies the packets to change the destination address -- which might not be acceptable in certain situations. It will also not work with UDP or HTTPS traffic. The TPROXY provides similar functionality without relying on NAT.
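The difference described above shows up in how a proxy process learns where a connection was originally headed. The following is an added example, not part of the original post or the kernel documentation: with REDIRECT the destination has been rewritten, so the proxy has to ask conntrack for it via `SO_ORIGINAL_DST`, while with TPROXY the accepted socket still carries the original address. The function names and the sample bytes are assumptions made for illustration.

```python
import socket
import struct

SOL_IP = getattr(socket, "SOL_IP", 0)
SO_ORIGINAL_DST = 80   # from linux/netfilter_ipv4.h
IP_TRANSPARENT = 19    # from linux/in.h


def parse_sockaddr_in(raw):
    """Decode the struct sockaddr_in returned by SO_ORIGINAL_DST."""
    if len(raw) < 8:
        raise ValueError("short sockaddr_in")
    family = struct.unpack_from("=H", raw, 0)[0]   # host byte order
    if family != socket.AF_INET:
        raise ValueError("unexpected address family %d" % family)
    port = struct.unpack_from("!H", raw, 2)[0]     # network byte order
    return socket.inet_ntoa(raw[4:8]), port


def original_dst(conn, mode):
    """Return (ip, port) the client was trying to reach.

    mode="redirect": the packet was NATed to the proxy, so the local
    address is the proxy's own; the pre-NAT destination comes from conntrack.
    mode="tproxy": nothing was rewritten, so getsockname() already is the
    address the client dialled.
    """
    if mode == "redirect":
        return parse_sockaddr_in(conn.getsockopt(SOL_IP, SO_ORIGINAL_DST, 16))
    if mode == "tproxy":
        return conn.getsockname()[:2]
    raise ValueError("unknown mode: %r" % mode)


def tproxy_listener(port):
    """Listening socket able to accept connections for non-local addresses.

    Setting IP_TRANSPARENT requires CAP_NET_ADMIN (typically root).
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.setsockopt(SOL_IP, IP_TRANSPARENT, 1)
    s.bind(("0.0.0.0", port))
    s.listen(128)
    return s


# Constructed sample: what SO_ORIGINAL_DST would return for 203.0.113.10:443.
SAMPLE_RAW = (struct.pack("=H", socket.AF_INET) + struct.pack("!H", 443)
              + socket.inet_aton("203.0.113.10") + b"\x00" * 8)
```

The listener only sees traffic once the matching TPROXY rule and policy routing are in place on the router; those are outside this snippet.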