<div style="__styleDocument: [object]">Thanks for the response.</div>
<div> </div>
<div style="__styleDocument: [object]">Here's my problem: </div>
<div style="__styleDocument: [object]">I'm running foreign-tcp-connect on a machine (say <a href="http://1.2.3.4">1.2.3.4</a>) to fake a source address (say <a href="http://5.6.7.8">5.6.7.8</a> port 9999) when connecting to a web server. I get a connect timeout.
</div>
<div style="__styleDocument: [object]"> </div>
<div style="__styleDocument: [object]">At the webserver, when I do a tcpdump, it seems that only the port is being faked, not the IP address. That is, the tcpdump output shows that I'm trying to connect from <a href="http://1.2.3.4">
1.2.3.4</a> port 9999. </div>
<div style="__styleDocument: [object]"> </div>
<div style="__styleDocument: [object]">If I use <a href="http://5.6.7.8">5.6.7.8</a> as the fake IP address, it works. Has anyone experienced this problem? What am I missing? </div>
<div style="__styleDocument: [object]"> </div>
<div style="__styleDocument: [object]">My setup:</div>
<div style="__styleDocument: [object]">Linux kernel <a href="http://2.6.15.3">2.6.15.3</a> (pristine) patched with tproxy-2.6.15-2.0.4</div>
<div style="__styleDocument: [object]"> </div>
<div style="__styleDocument: [object]">Many thanks,</div>
<div style="__styleDocument: [object]">N</div>
<div style="__styleDocument: [object]"><br><br> </div>
<div><span class="gmail_quote">On 4/6/06, <b class="gmail_sendername">Jan Engelhardt</b> <<a href="mailto:jengelh@linux01.gwdg.de">jengelh@linux01.gwdg.de</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid"><br>>Q: Is patching the iptables userspace necessary if I just want to fool<br>>around with the example programs, say foreign-tcp-connect?
<br>><br>No, only if you want to modify the kernel ip tables.<br>(Which is not required if you only want to fake addresses.)<br><br><br>Jan Engelhardt<br>--<br></blockquote></div><br>