<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1400" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>Yes, Johns, it works in bridge mode.
//ZhouLi</FONT></DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=andrew.johns@gmail.com href="mailto:andrew.johns@gmail.com">A
Johns</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=zorp@lists.balabit.hu
href="mailto:zorp@lists.balabit.hu">Zorp users mailing list</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Tuesday, July 10, 2007 14:56</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> Re: [zorp] Why client can see ip
address of dummy interface</DIV>
<DIV><BR></DIV>Hi ZhouLi,<BR><BR>See below<BR><BR>
<DIV><SPAN class=gmail_quote>On 7/9/07, <B class=gmail_sendername>Zhou Li</B>
&lt;<A href="mailto:zhou.li@ca-jc.com">zhou.li@ca-jc.com</A>&gt; wrote:</SPAN>
<BLOCKQUOTE class=gmail_quote
style="PADDING-LEFT: 1ex; MARGIN: 0pt 0pt 0pt 0.8ex; BORDER-LEFT: rgb(204,204,204) 1px solid">
<DIV bgcolor="#ffffff">
<DIV><FONT face=Arial size=2>I tested Zorp 3.0.14b + 2.0.6
cttproxy for kernel 2.6.17 and it works fine for me, but I found the client
can</FONT></DIV>
<DIV><FONT face=Arial size=2>see the IP address of the dummy interface,
which I can't understand.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>client(192.168.88.166) &lt;--&gt;
zorp(dummy ip 172.16.44.10) &lt;--&gt;
server(192.168.88.10)</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV>
<DIV><FONT face=Arial size=2># iptables -t tproxy -I PREROUTING -p tcp
--dport 80 -j TPROXY --on-ip 172.16.44.10 --on-port 60080</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV></DIV>
<DIV><FONT face=Arial size=2>instances.conf:</FONT></DIV>
<DIV><FONT face=Arial size=2>http -T -v 1 -s core.error:0 -p
/usr/local/etc/zorp/http.py -B 172.16.44.10</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>http.py:</FONT></DIV>
<DIV><FONT face=Arial size=2>.</FONT></DIV>
<DIV><FONT face=Arial size=2>.</FONT></DIV>
<DIV><FONT face=Arial size=2>.</FONT></DIV>
<DIV><FONT face=Arial size=2>def zorp():<BR>&nbsp;&nbsp;&nbsp;&nbsp;Service("http", MyHttp,
router=TransparentRouter(forge_addr=TRUE,
forge_port=Z_PORT_EXACT))<BR>&nbsp;&nbsp;&nbsp;&nbsp;Listener(SockAddrInet('172.16.44.10', 60080), "http",
transparent=TRUE, mark_tproxy=TRUE)</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>
<DIV><FONT face=Arial size=2>When I make a new HTTP request from the client to
the server, tcpdump displays the information
below:</FONT></DIV></FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>tcpdump on client</FONT></DIV>
<DIV><FONT face=Arial size=2># tcpdump | grep 172.16.44.10</FONT></DIV>
<DIV><FONT face=Arial size=2>16:10:57.975579 802.1Q vlan#3 P0
172.16.44.10.60080 > 192.168.88.166.2883: P 0:32(32) ack 1 win 11680
(DF)<BR>16:10:57.975611 172.16.44.10.60080 > 192.168.88.166.2883: P
0:32(32) ack 1 win 11680 (DF)<BR>16:10:57.975831 192.168.88.166.2883 >
172.16.44.10.60080: R 3812615646:3812615646(0) win 0<BR>16:10:57.975860
802.1Q vlan#3 P0 192.168.88.166.2883 > 172.16.44.10.60080: R
3812615646:38126156</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>tcpdump on server</FONT></DIV>
<DIV><FONT face=Arial size=2>
<DIV><FONT face=Arial size=2># tcpdump | grep 172.16.44.10</FONT></DIV></FONT></DIV>
<DIV><FONT face=Arial size=2>16:10:57.538207 arp who-has 192.168.88.10
tell 172.16.44.10</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>My question is: how can I prevent the client from
seeing the dummy IP address?</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>ZhouLi</FONT></DIV></DIV></BLOCKQUOTE>
<DIV><BR></DIV>
<DIV><BR>Does TProxy work in bridge mode - you appear to have the same network
address/mask on both zorp interfaces - is this correct? Or is this on a VMWare
system? <BR><BR><BR>--<BR>Regards<BR>AJ<BR><BR>NetSafety - Internet Security
Made Easy<BR></DIV></DIV><BR>____ KILL mail security gateway has scanned this e-mail
____<BR>
<P>
<HR>
<P></P>_______________________________________________<BR>zorp mailing
list<BR>zorp@lists.balabit.hu<BR>https://lists.balabit.hu/mailman/listinfo/zorp<BR><BR><BR></BLOCKQUOTE>
<BR>
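<DIV><FONT face=Arial size=2>A capture check for the symptom described in this thread, added here as an example and not part of the original messages: it scans tcpdump text output for lines that expose the proxy's dummy address (172.16.44.10 in the post) as a TCP source, as the target of a client RST, or as the sender of an ARP request. The function name and the fourth client-side sample line are constructed for illustration; numeric tcpdump output in the format shown in the post is assumed.</FONT></DIV>

```python
import re

PROXY_IP = "172.16.44.10"  # dummy-interface address from the post

# Lines 1-3 are the client-side capture from the post; line 4 is constructed
# to show what a correctly forged (transparent) reply looks like.
CLIENT_CAPTURE = """\
16:10:57.975579 802.1Q vlan#3 P0 172.16.44.10.60080 > 192.168.88.166.2883: P 0:32(32) ack 1 win 11680 (DF)
16:10:57.975611 172.16.44.10.60080 > 192.168.88.166.2883: P 0:32(32) ack 1 win 11680 (DF)
16:10:57.975831 192.168.88.166.2883 > 172.16.44.10.60080: R 3812615646:3812615646(0) win 0
16:10:58.100000 192.168.88.10.80 > 192.168.88.166.2884: S 1:1(0) ack 1 win 5840 (DF)
"""
# Server-side capture line from the post.
SERVER_CAPTURE = "16:10:57.538207 arp who-has 192.168.88.10 tell 172.16.44.10\n"

IP = r"(\d+\.\d+\.\d+\.\d+)"
# "src.port > dst.port: flags" as printed by tcpdump, with or without a VLAN prefix.
TCP_RE = re.compile(IP + r"\.(\d+) > " + IP + r"\.(\d+): (\S+)")
ARP_RE = re.compile(r"arp who-has " + IP + r" tell " + IP)


def find_leaks(capture, proxy_ip=PROXY_IP):
    """Return (line_no, kind, detail) for every line that reveals proxy_ip."""
    leaks = []
    for n, line in enumerate(capture.splitlines(), 1):
        tcp = TCP_RE.search(line)
        arp = ARP_RE.search(line)
        if tcp:
            src, sport, dst, dport, flags = tcp.groups()
            if src == proxy_ip:
                # The proxy answered from its own address instead of the server's.
                leaks.append((n, "tcp-src", f"{src}:{sport} -> {dst}:{dport}"))
            elif dst == proxy_ip and "R" in flags:
                # The peer has no connection to that address and resets it.
                leaks.append((n, "rst-to-proxy", f"{src}:{sport} reset {dst}:{dport}"))
        elif arp and arp.group(2) == proxy_ip:
            # The proxy used the dummy address as sender in an ARP request.
            leaks.append((n, "arp-tell", f"who-has {arp.group(1)}"))
    return leaks


if __name__ == "__main__":
    for name, cap in (("client", CLIENT_CAPTURE), ("server", SERVER_CAPTURE)):
        for n, kind, detail in find_leaks(cap):
            print(f"{name} line {n}: {kind}: {detail}")
```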
</BODY></HTML>