<html><body><div style="color:#000; background-color:#fff; font-family:arial, helvetica, sans-serif;font-size:10pt"><div><br></div><div style="color: rgb(0, 0, 0); background-color: transparent; font-style: normal;"><span style="font-size: 13px;">Hello Yash,</span></div><div style="color: rgb(0, 0, 0); background-color: transparent; font-style: normal;"><br></div> <div style="font-family: arial, helvetica, sans-serif;"> <div style="font-family: 'times new roman', 'new york', times, serif;"> <div dir="ltr"> <hr size="1"> <font size="2" face="Arial" style="font-size: 12pt;"> <b><span style="font-weight:bold;">From:</span></b> yash cp <yashavanth.hsn@gmail.com><br> <b><span style="font-weight: bold;">To:</span></b> tproxy@lists.balabit.hu <br> <b><span style="font-weight: bold;">Sent:</span></b> Tuesday, August 27, 2013 12:01 AM<br> <b><span style="font-weight: bold;">Subject:</span></b> [tproxy] TPROXY on ubuntu not working.<br> </font> </div> <div
class="y_msg_container" style="font-size: 12pt;"><br><div id="yiv4482406643"><div dir="ltr"><div><div><div><div><div><div>>Hello Team,<br><br></div>>I am trying to configure and use TPROXY as given in the link. <a rel="nofollow" target="_blank" href="http://wiki.squid-cache.org/Features/Tproxy4">http://wiki.squid-cache.org/Features/Tproxy4</a><br>
<br></div>>My setup includes : A Ubuntu machine with one Network card, but two IP addresses ( one of which is virtual or Alias)<br><br></div>>Real IP: 192.168.150. 10 -- ( interface to the internet)<br></div><div><span style="font-family: arial, helvetica, sans-serif; font-size: 12.727272033691406px;">What do you mean by "Real"?</span><br></div><div><span style="font-family: arial, helvetica, sans-serif; font-size: 12.727272033691406px;"><br></span></div>>Virtual IP : 192.168.22.5 -- ( interface to the subnet <a rel="nofollow" target="_blank" href="http://192.168.22.0/24">192.168.22.0/24</a>)</div><div><span style="font-size: 13px; background-color: transparent; font-family: arial, helvetica, sans-serif;"><br></span></div><div><span style="font-size: 13px; background-color: transparent; font-family: arial, helvetica, sans-serif;">By (Interface to the Internet), I suppose you mean that this private IP address will be NATed at another network
device after the TPROXY. How about subnet 192.168.22.0/24? Is it NATed ? </span><span style="background-color: transparent; font-size: 13px; font-family: arial, helvetica, sans-serif;">Why are you using two IP addresses on the TPROXY? </span></div><div><br></div><div><br></div>>Both the IP's have the same MAC address.<br><br></div><div>>When the client( 192.168.22.10) sends connection request, its forwarded to the other port 50001 (Checked with the logs).<br></div><div>>But the proxy is not responding with SYN-ACK , as a result the connection is not established. <br>
</div><div><span style="font-family: arial, helvetica, sans-serif; font-size: 12.727272033691406px;"><br></span></div><div><span style="font-family: arial, helvetica, sans-serif; font-size: 12.727272033691406px;">The TPROXY will spoof the IP addresses of clients on 192.168.22.0/24 subnet and I think (but I'm not sure) that TPROXY would send SYN-ACK to the original client, only after it receives SYN-ACK from the web server. Since this subnet is private, requests will not reach the web server unless you're doing NAT somewhere after the TPROXY. Please note that even if you're doing NAT, you must make sure that replies return back to the TPROXY rather than the original client. </span><br></div><div><br></div><div>>I don't know about the internals of the TPROXY. Does it works with matching using IP address and port or with MAC address.<br></div><div>I could not get your question here!</div><div><br></div><div>>Does TPROXY is not supported in this
scenario?<br>If you take care of the things I pointed out above, then it is, but I don't think you would need two IP addresses on the TPROXY. I recommend using WCCP though.
</div><div><br></div><div>>Best Regards,<br>>Yash<br></div><div><br></div><div>Best regards,</div><div>Firas</div></div></div><br>_______________________________________________<br>tproxy mailing list<br><a ymailto="mailto:tproxy@lists.balabit.hu" href="mailto:tproxy@lists.balabit.hu">tproxy@lists.balabit.hu</a><br><a href="https://lists.balabit.hu/mailman/listinfo/tproxy" target="_blank">https://lists.balabit.hu/mailman/listinfo/tproxy</a><br><br><br></div> </div> </div> </div></body></html>