Hello,<br><br>thanks for this informations,<br>I'm using zorp 3.1.12 with tproxy 4.0.3 on kernel 2.6.22.<br><br>I think that tproxy table is after nat table, as if i disable my netmap rules ( prerouting )<br>int nat table, the redirection to zorp work.
<br><br>So I need to use only netmap on postrouting in nat table for source-nat, and use<br>OneToOneMultiNat on zorg configuration for destination-nat ( I have to do source and destination nat <br>on the same box. )<br><br>
But, in this case : the requests sent by zorp to the destination server is done with the<br>box ip and not the client's ip.<br><br>For now :<br><br> 1/ Source Nat is done in postrouting nat table with Netmap target<br>
2/ Destination Nat is done by zorp ( OneToOneMultiNat )<br><br>How can I do to force zorp to use the client's ip as ip source whe it <br>connect to the destination server ?<br><br>thank's a lot.<br><br><div><span class="gmail_quote">
2007/11/9, Laszlo Attila Toth <<a href="mailto:panther@balabit.hu">panther@balabit.hu</a>>:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hello,<br><br>Mohamed Badri wrote:<br>> Hi,<br>><br>> I'm running Linux 2.6.22, Iptables 1.3.8, with Tproxy 4.0.3 patches<br>><br>> I've added the following rules in iptables :<br>><br>> iptables -t tproxy -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j
<br>> TPROXY --on-port 50080<br>> iptables -t tproxy -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j<br>> TPROXY --on-port 50080<br>><br>> but nothing happens, connexions to port 80 are not redirected to local
<br>> port 50080.<br><br>Did you use IP_FREEBIND socket option in your program on the listening<br>socket? Without it the tproxy only works if you load iptable_tproxy with<br>the tproxy_any=1 module parameter:<br><br>modprobe iptable_tproxy tproxy_any=1
<br><br><br>><br>> Can I use NETMAP target in nat table while using tproxy ?<br><br>I'm not sure, probably no. The tproxy table is before nat also if the<br>TPROXY target changes the local route (the packet is diverted) then the
<br>NETMAP may change this also the packets may not arrive to the listening<br>socket.<br><br><br>--<br>Panther<br></blockquote></div><br><br clear="all"><br>-- <br>----