<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:times new roman, new york, times, serif;font-size:12pt"><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;">Hi <br> Thanks for your response. I am able to get the traffic
redirected to my proxy server port. But the whole behavior is as if the
tproxy kernel patch is not applied. In other words, on the web server I
see that the request is coming from my proxy server and not from the
client. The client IP is not getting rewritten after the socket options are applied.<br><br> Also, I am observing that if I set the "itp.v.addr.fport" to 0, the proxy server doesn't even get the request from the client. (Here itp is a variable of type struct in_tproxy.) So I had to assign the fport to a valid non-zero number.<br><br>Any help is much appreciated.<br><br>thanks again,<br>Jojy<br><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;"><div><br>####<br>Message: 1<br>Date: Mon, 13 Aug 2007 10:13:15 +0200<br>From: Laszlo Attila Toth &lt;panther@balabit.hu&gt;<br>Subject: Re: [tproxy] TPROXY + Cisco Firewall<br>To: tproxy@lists.balabit.hu<br>Message-ID: &lt;200708131013.16001.panther@balabit.hu&gt;<br>Content-Type: text/plain; charset="utf-8"<br><br>On Sunday 12 August 2007 00.28.07 Jojy Varghese wrote:<br>> Hi all<br>> 3.<br>> I have verified my changes by creating a REDIRECTION rule in the
tproxy<br>> chain (can list my iptables changes by doing "iptables -t tproxy -L")<br><br>Hello,<br><br>For instance, a client tries to connect to a webserver somewhere on the Internet <br>listening on port 80, and your proxy is listening on port 50080. The iptables <br>rule that redirects packets to that port is the following:<br><br> iptables -t tproxy -A PREROUTING -p tcp --dport 80 -j TPROXY --on-port 50080<br><br>The next one is to allow incoming traffic on that port. Because the TPROXY <br>target marks the packet, the following rule accepts these packets:<br><br> iptables -t filter -A INPUT -m tproxy -j ACCEPT<br><br>A tutorial is available here:<br> <a target="_blank" href="http://www.balabit.hu/network-security/zorp-gateway/gpl/tutorial/">http://www.balabit.hu/network-security/zorp-gateway/gpl/tutorial/</a><br><br><br>-- <br>Regards,<br> Laszlo Attila
Toth<br><br><br>------------------------------<br><br>_______________________________________________<br>tproxy mailing list<br>tproxy@lists.balabit.hu<br><a target="_blank" href="https://lists.balabit.hu/mailman/listinfo/tproxy">https://lists.balabit.hu/mailman/listinfo/tproxy</a><br><br><br>End of tproxy Digest, Vol 26, Issue 11<br>**************************************<br></div></div><br></div></div><br>
</body></html>