[tproxy] I'm having a little trouble binding a tproxy and I might do something wrong.

Eliezer Croitoru eliezer at ngtech.co.il
Tue Feb 5 02:59:32 CET 2013


On 2/4/2013 5:46 PM, KOVACS Krisztian wrote:
> Hi,
>
> On Mon 04 Feb 2013 01:19:10 PM CET, Eliezer Croitoru wrote:
>> On 2/4/2013 2:02 PM, KOVACS Krisztian wrote:
>>> Unfortunately not using the same source port is not an ultimate
>>> solution, either: if you use a random source port you still have a
>>> chance that it will clash with the endpoint of another existing TCP
>>> connection.
>> Most likely not, since it's a pair of ip+port to ip+port.
>> Your basic assumption is that there are two devices that control the
>> same ip and port assignment.
>> On a machine the OS tries to avoid using the same port for the same dst
>> as a basic rule.
>
> Yes, but only for local sockets. However, in this case the endpoint
> address is first chosen by the client's TCP stack and then on the
> proxy's TCP stack. The latter does not have a socket bound to the
> address yet, so it will be happy to choose the exact same port.
>
>> On a NAT machine it depends on the NAT type, but Linux from the box doesn't do
>> this kind of NAT that would make such a thing happen.
>
> Yep, that's true, the NAT code avoids conntrack duplicates at all
> costs. (Even if that means an extra implicit translation.)


Sorry, I haven't seen the context of the mail, and it seems like I got my
answers while you were trying to help them.


Thanks,
Eliezer

> --
> KOVACS Krisztian
>

-- 
Eliezer Croitoru
http://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il
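The point made in the quoted reply above, that a stack only avoids 4-tuple reuse for its *own* sockets, is easy to see in a small model. The following is an added example, not code from this thread or from the tproxy project: two minimal TCP stacks each pick the lowest free ephemeral port (real stacks randomize, which turns the certain clash below into a probabilistic one), and an optional shared conntrack-style table models the NAT code's "no duplicate conntrack entries" rule. All addresses and ports are constructed sample values.

```python
"""Model of ephemeral source-port choice on a client stack and a proxy stack.

Each stack avoids reusing a 4-tuple already bound to one of its own local
sockets. A transparent proxy that connects outward with the client's
address as source has no local socket for the client's original
connection, so its stack is free to pick the very same port. Consulting a
shared conntrack-style table (as the NAT code does) prevents the duplicate.
Constructed example; not the tproxy project's code.
"""
from typing import Optional, Set, Tuple

FourTuple = Tuple[str, int, str, int]  # (src_ip, src_port, dst_ip, dst_port)

# Linux default ip_local_port_range; lowest-free selection keeps the model
# deterministic, whereas a real stack randomizes within this range.
EPHEMERAL_LOW, EPHEMERAL_HIGH = 32768, 60999

CLIENT_IP = "10.0.0.5"        # constructed
SERVER_IP = "198.51.100.7"    # constructed (TEST-NET-2)
SERVER_PORT = 80


class TcpStack:
    """One host's TCP stack: it only knows about its own local sockets."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.local: Set[FourTuple] = set()

    def connect(self, src_ip: str, dst_ip: str, dst_port: int,
                shared_table: Optional[Set[FourTuple]] = None) -> FourTuple:
        """Pick the lowest ephemeral port that yields an unused 4-tuple.

        With shared_table=None only local sockets are checked (plain stack
        behaviour). With a shared table the tuple must also be absent from
        it, and is recorded there, which models conntrack-aware NAT.
        """
        for port in range(EPHEMERAL_LOW, EPHEMERAL_HIGH + 1):
            t = (src_ip, port, dst_ip, dst_port)
            if t in self.local:
                continue
            if shared_table is not None and t in shared_table:
                continue
            self.local.add(t)
            if shared_table is not None:
                shared_table.add(t)
            return t
        raise RuntimeError("no free ephemeral port")


def run_without_conntrack_check() -> Tuple[FourTuple, FourTuple]:
    """Client connects, proxy spoofs the client's IP: both tuples collide."""
    client = TcpStack("client")
    proxy = TcpStack("proxy")
    c = client.connect(CLIENT_IP, SERVER_IP, SERVER_PORT)
    p = proxy.connect(CLIENT_IP, SERVER_IP, SERVER_PORT)  # no local socket for c
    return c, p


def run_with_conntrack_check() -> Tuple[FourTuple, FourTuple]:
    """Same scenario, but both stacks consult one shared conntrack table."""
    conntrack: Set[FourTuple] = set()
    client = TcpStack("client")
    proxy = TcpStack("proxy")
    c = client.connect(CLIENT_IP, SERVER_IP, SERVER_PORT, conntrack)
    p = proxy.connect(CLIENT_IP, SERVER_IP, SERVER_PORT, conntrack)
    return c, p


def collides(a: FourTuple, b: FourTuple) -> bool:
    """True when two connections would share one TCP 4-tuple."""
    return a == b


if __name__ == "__main__":
    c, p = run_without_conntrack_check()
    print("local-only check:", c, p, "collision" if collides(c, p) else "ok")
    c, p = run_with_conntrack_check()
    print("shared conntrack:", c, p, "collision" if collides(c, p) else "ok")
```

The first run shows why "the OS avoids the same port for the same dst" does not help across two hosts: the proxy's stack has nothing bound to the client's tuple and picks the identical port. The second run is the behaviour the reply attributes to the NAT code, where a table shared across translations makes the duplicate impossible, at the cost of the proxy taking the next port.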

