<html><body><div style="color:#000; background-color:#fff; font-family:arial, helvetica, sans-serif;font-size:10pt"><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt;">Hi Yash,</div><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt;"><br></div> <div style="font-family: arial, helvetica, sans-serif;"> <div style="font-family: 'times new roman', 'new york', times, serif;"> <div dir="ltr" style="font-family: 'times new roman', 'new york', times, serif; font-size: 12pt;"> <hr size="1"> <font size="2" face="Arial"> <b><span style="font-weight:bold;">From:</span></b> yash cp <yashavanth.hsn@gmail.com><br> <b><span style="font-weight: bold;">To:</span></b> Firas Rasmy <firasrasmy@yahoo.com> <br><b><span style="font-weight: bold;">Cc:</span></b> "tproxy@lists.balabit.hu" <tproxy@lists.balabit.hu> <br> <b><span style="font-weight: bold;">Sent:</span></b> Tuesday, August 27, 2013 9:05 AM<br> <b><span
style="font-weight: bold;">Subject:</span></b> Re: [tproxy] TPROXY on ubuntu not working.<br> </font> </div> <div class="y_msg_container"><br><div id="yiv1925190458"><div dir="ltr" style="font-family: 'times new roman', 'new york', times, serif; font-size: 12pt;"><div><div>>Hello Firas,<br><br></div>>Thanks for your quick reply.<br><br><span style="background-color:rgb(204,204,204);">>>1. </span><span style="font-family: arial, helvetica, sans-serif; font-size: 12.7273px;"><span style="background-color:rgb(204,204,204);">What do you mean by "Real"?</span><br>
</span></div><span style="font-family:arial, helvetica, sans-serif;font-size:12.7273px;" class="yui_3_7_2_74_1377560314253_74">> Even though its an private IP address, it uses DHCP for getting the IP address.( Its not static or aliased) I am able to access the Internet from the >proxy machine. </span></div><div dir="ltr"><font face="arial, helvetica, sans-serif"><span style="font-size: 12.727272033691406px;">I don't think this is called "real".</span></font></div><div dir="ltr" style="font-family: 'times new roman', 'new york', times, serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12.7273px;">
<span style="background-color:rgb(204,204,204);"><br><br>>>2.</span></span><span style="background-color:rgb(204,204,204);"><span style="font-size: 13px; font-family: arial, helvetica, sans-serif;"> By (Interface to the Internet), I suppose you mean that this private IP address will be NATed at another network
device after the TPROXY. How about subnet <a rel="nofollow" target="_blank" href="http://192.168.22.0/24">192.168.22.0/24</a>? Is it NATed ? </span><span style="font-size: 13px; font-family: arial, helvetica, sans-serif;">Why are you using two IP addresses on the TPROXY? </span></span><div>
<span style="background-color:rgb(204,204,204);"><span style=""></span></span><br></div><div>>Yes, its NATed after TPROXY. <a rel="nofollow" target="_blank" href="http://192.168.22.0/24">192.168.22.0/24</a> is not NATed. <br></div><div>>I am using two IP addresses, because I want to create a local network behind 192.168.150.10 machine. I suppose, without two IP addresses I cannot create a subnet. Please correct me if I am wrong.</div><div><br></div><div>Please note that TPROXY spoofs the IP addresses of its clients, so if the IP address of the client is neither public nor NATed, how would requests reach the intended web server? Since your clients have private IP addresses, perhaps you don't need a TPROXY in your case as one of the goals of TPROXY is maintaining the (I would say "public", though not necessarily) IP addresss of the client on the connection with the web server. So I think an interception proxy would be sufficient in your
case.</div><div><br></div><div>You mean you have two subnets behind the TPROXY? If this is the case then having two IP addresses on the interface is one way of doing that, but may not be the best way. I would suggest that you start with a simple topology (single subnet in your case). Once you have everything working properly, you may take it a step further. <br><span style="background-color:rgb(204,204,204);"><br>>> 3.<span style="font-family: arial, helvetica, sans-serif; font-size: 12.7273px;">The TPROXY will spoof the IP addresses of clients on <a rel="nofollow" target="_blank" href="http://192.168.22.0/24">192.168.22.0/24</a>
subnet and I think (but I'm not sure) that TPROXY would send SYN-ACK to
the original client, only after it receives SYN-ACK from the web
server. Since this subnet is private, requests will not reach the web
server unless you're doing NAT somewhere after the TPROXY. Please note
that even if you're doing NAT, you must make sure that replies return
back to the TPROXY rather than the original client.</span></span><br><br></div><div>I verified that what I said in my previous email "TPROXY would send SYN-ACK to the original client, only after it receives SYN-ACK from the web server" is wrong, sorry for this! I tested it on my working TPROXY squid server and found out that squid immediately sends SYN-ACK to the client once it receives a SYN, even for destination IP addresses that are not listening to TCP port 80!</div><div><br></div><div>>Well, I checked with my setup. After the SYN packet from the client is received. The TPROXY machine never responds to the original client or even never tries to send the SYN packet to the web server.<br>
</div><div>>Without using TPROXY, my setup with Iptables REDIRECT works fine.</div><div><br></div><div>I would suggest using tcpdump and analyzing the traffic you capture to see what's really going on.<br><br><span style="background-color:rgb(204,204,204);">>4. I don't know about the internals of the TPROXY. Does it works with matching using IP address and port or with MAC address.</span><br>
<div>>I could not get your question here!<br><br></div><div>>What I meant here is, how does the TPROXY matches the packets. Since I am using the same MAC address for both the IP's. Will that be a problem?<br>If I understood you correctly, I don't think that using two IP addresses on one interface would conflict with how TPROXY works!<br></div><div><span style="font-size: 12pt;">Regards,</span><br></div><div>Firas<br><br><br></div>
<div>>Best Regards,<br></div><div>>Yash<br></div></div><div><br></div><div><br> </div></div></div><br><br></div> </div> </div> </div></body></html>