<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:times new roman, new york, times, serif;font-size:12pt"><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;"><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;"><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;"><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;">Hi <br> I thought some more info might be helpful for someone following this thread. In my code, when I call "setsockopt" to set the TPROXY_ASSIGN and TPROXY_FLAGS options, I get an error. Please see the code below. Any ideas why this might be? Also, if I set the local address port to 0 or the foreign address port to 0, how does that matter? In other words, how important is the port assignment? <br><br>Thanks in advance<br>Jojy<br><br>##### Code Begins
#########################<br> struct in_tproxy itp;<br> struct sockaddr_in sin;<br><br> itp.op = TPROXY_VERSION;<br> itp.v.version = 0x02000000;<br> if(setsockopt(handle,SOL_IP,IP_TPROXY,&itp,sizeof(itp)) == -1 )<br> {<br> __log(LOG_ERROR, L"Error Setting version");<br> }<br> <br> sin.sin_family=AF_INET;<br> inet_aton("192.168.1.74", &sin.sin_addr);<br> sin.sin_port=htons(9999);<br><br> if(bind(handle, (struct sockaddr*)&sin, sizeof(sin)) == -1)<br> {<br> __log(LOG_ERROR, L"Error Binding");<br> }<br><br> itp.op = TPROXY_ASSIGN;<br> inet_aton("192.168.1.75", (struct in_addr
*)&itp.v.addr.faddr);<br> itp.v.addr.fport=htons(2000);<br><br> if(setsockopt(handle,SOL_IP,IP_TPROXY,&itp,sizeof(itp)) == -1 )<br> {<br> __log(LOG_ERROR, L"Error Setting Assign Option ");<br> }<br> itp.op = TPROXY_FLAGS;<br> itp.v.flags = ITP_CONNECT;<br><br> if(setsockopt(handle,SOL_IP,IP_TPROXY,&itp,sizeof(itp)) == -1 )<br> {<br> __log(LOG_ERROR, L"Error Setting Flags Option ");<br> }<br><br> // Code to connect follows<br><br>### Code ends ####<br><br><br><br><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;"><div><br>####<br>Message: 1<br>Date: Mon, 13 Aug 2007 10:13:15 +0200<br>From: Laszlo Attila Toth <panther@balabit.hu><br>Subject: Re: [tproxy]
TPROXY + Cisco Firewall<br>To: tproxy@lists.balabit.hu<br>Message-ID: <200708131013.16001.panther@balabit.hu><br>Content-Type: text/plain; charset="utf-8"<br><br>On Sunday 12 August 2007 00.28.07 Jojy Varghese wrote:<br>> Hi all<br>> 3.<br>> I have verified my changes by creating a REDIRECTION rule in the
tproxy<br>> chain (can list my iptable changes by doing "iptables -t tproxy -L")<br><br>Hello,<br><br>For instance a client tries to connect to a webserver somewhere on the Internet <br>listening on port 80, and your proxy is listening on port 50080. The iptables <br>rule that redirects packets to that port is the following:<br><br> iptables -t tproxy -p tcp --dport 80 -j TPROXY --on-port 50080<br><br>The next one is to allow incoming traffic on that port. Because the TPROXY <br>target marks the packet, the following rule accepts these packets:<br><br> iptables -t filter -A INPUT -m tproxy -j ACCEPT<br><br>A tutorial is available here:<br> <a rel="nofollow" target="_blank" href="http://www.balabit.hu/network-security/zorp-gateway/gpl/tutorial/">http://www.balabit.hu/network-security/zorp-gateway/gpl/tutorial/</a><br><br><br>-- <br>Regards,<br> Laszlo Attila
Toth<br><br><br>------------------------------<br><br>_______________________________________________<br>tproxy mailing list<br>tproxy@lists.balabit.hu<br><a rel="nofollow" target="_blank" href="https://lists.balabit.hu/mailman/listinfo/tproxy">https://lists.balabit.hu/mailman/listinfo/tproxy</a><br><br><br>End of tproxy Digest, Vol 26, Issue 11<br>**************************************<br></div></div><br></div></div><br>
</div><br></div></div><br>
</body></html>