Li,<br><br>More questions than answers, but we'll get to the cause of this...<br><br>Does zorp have a 192.168.88.x address assigned to either of its interfaces? Does it have 2 interfaces or more? Can you provide a tcpdump trace of the sequence leading up to the below and include any ARP requests also?
<br><br><span class="q" id="q_113aef2e46390760_1"><div><font face="Arial" size="2"># tcpdump | grep <a href="http://172.16.44.10/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">172.16.44.10</a></font>
</div>
<div><font face="Arial" size="2">16:10:57.975579 802.1Q vlan#3 P0
172.16.44.10.60080 > 192.168.88.166.2883: P 0:32(32) ack 1 win 11680
(DF)<br>16:10:57.975611 172.16.44.10.60080 > 192.168.88.166.2883: P
0:32(32) ack 1 win 11680 (DF)<br>16:10:57.975831 192.168.88.166.2883 >
172.16.44.10.60080: R 3812615646:3812615646(0) win 0<br>16:10:57.975860
802.1Q vlan#3 P0 192.168.88.166.2883 > 172.16.44.10.60080: R
3812615646:38126156</font></div></span><br>ie: was there a 3-way TCP handshake between client and server (or zorp) before the above? What ARP requests/replies were sent/received by the client/zorp/server, if any? And can you include 'netstat -rn' (routing table) info too please - I'm not sure how these devices are communicating directly unless you have multiple networks (ie
<a href="http://192.168.88.0/24">192.168.88.0/24</a> and <a href="http://172.16.44.0/24">172.16.44.0/24</a>) attached to the same network segment?<br><br>I agree that you should not be able to see the client IP - did it work before in the past or is this the first time you've done this?
<br><br>I see you have VLANs configured also - are these 3 devices the only devices on the network or is it much more complicated than the original ascii diagram? Can you provide a more detailed diagram showing any other switches/firewalls/gateways on your network?
<br><br>--<br>Regards<br>AJ<br><br>NetSafety - Internet Security Made Easy<br><br><div><span class="gmail_quote">On 7/10/07, <b class="gmail_sendername">Zhou Li</b> <<a href="mailto:zhou.li@ca-jc.com">zhou.li@ca-jc.com
</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div bgcolor="#ffffff">
<div><font face="Arial" size="2">Yes, Johns, it works in bridge mode.
//ZhouLi</font></div>
<blockquote style="border-left: 2px solid rgb(0, 0, 0); padding-right: 0px; padding-left: 5px; margin-left: 5px; margin-right: 0px;"><div><span class="e" id="q_113aef2e46390760_1">
<div style="font-family: arial; font-style: normal; font-variant: normal; font-weight: normal; font-size: 10pt; line-height: normal; font-size-adjust: none; font-stretch: normal;">----- Original Message ----- </div>
<div style="background: rgb(228, 228, 228) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial; font-family: arial; font-style: normal; font-variant: normal; font-weight: normal; font-size: 10pt; line-height: normal; font-size-adjust: none; font-stretch: normal;">
<b>From:</b>
<a title="andrew.johns@gmail.com" href="mailto:andrew.johns@gmail.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">A
Johns</a> </div>
<div style="font-family: arial; font-style: normal; font-variant: normal; font-weight: normal; font-size: 10pt; line-height: normal; font-size-adjust: none; font-stretch: normal;"><b>To:</b> <a title="zorp@lists.balabit.hu" href="mailto:zorp@lists.balabit.hu" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
Zorp users mailing list</a> </div>
<div style="font-family: arial; font-style: normal; font-variant: normal; font-weight: normal; font-size: 10pt; line-height: normal; font-size-adjust: none; font-stretch: normal;"><b>Sent:</b> Tuesday, July 10, 2007 14:56
</div>
<div style="font-family: arial; font-style: normal; font-variant: normal; font-weight: normal; font-size: 10pt; line-height: normal; font-size-adjust: none; font-stretch: normal;"><b>Subject:</b> Re: [zorp] Why client can see ip
address of dummy interface</div>
<div><br></div>Hi ZhouLi,<br><br>See below<br><br>
<div><span class="gmail_quote">On 7/9/07, <b class="gmail_sendername">Zhou Li</b>
<<a href="mailto:zhou.li@ca-jc.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">zhou.li@ca-jc.com</a>> wrote:</span>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div bgcolor="#ffffff">
<div><font face="Arial" size="2">I tested Zorp 3.0.14b + 2.0.6
cttproxy for kernel 2.6.17 and it works fine for me, but I found the client
can</font></div>
<div><font face="Arial" size="2">see the IP address of the dummy interface,
which I can't understand.</font></div>
<div><font face="Arial" size="2"></font> </div>
<div><font face="Arial" size="2">client(<a href="http://192.168.88.166" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">192.168.88.166</a>) <-->
zorp(dummy ip <a href="http://172.16.44.10" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">172.16.44.10</a>) <-->
server(<a href="http://192.168.88.10" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)"> 192.168.88.10</a>)</font></div>
<div><font face="Arial" size="2"></font> </div>
<div>
<div><font face="Arial" size="2"># iptables -t tproxy -I PREROUTING -p tcp
--dport 80 -j TPROXY --on-ip <a href="http://172.16.44.10" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">172.16.44.10</a> --on-port
60080</font></div>
<div><font face="Arial" size="2"></font> </div></div>
<div><font face="Arial" size="2">instances.conf:</font></div>
<div><font face="Arial" size="2">http -T -v 1 -s core.error:0 -p
/usr/local/etc/zorp/http.py -B <a href="http://172.16.44.10" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">172.16.44.10</a></font></div>
<div><font face="Arial" size="2"></font> </div>
<div><font face="Arial" size="2">http.py:</font></div>
<div><font face="Arial" size="2">.</font></div>
<div><font face="Arial" size="2">.</font></div>
<div><font face="Arial" size="2">.</font></div>
<div><font face="Arial" size="2">def zorp():<br>&nbsp;&nbsp;&nbsp;&nbsp;Service("http", MyHttp,
router=TransparentRouter(forge_addr=TRUE,
forge_port=Z_PORT_EXACT))<br>&nbsp;&nbsp;&nbsp;&nbsp;Listener(SockAddrInet("172.16.44.10", 60080), "http",
transparent=TRUE, mark_tproxy=TRUE)</font></div>
<div><font face="Arial" size="2"></font> </div>
<div><font face="Arial" size="2">
<div><font face="Arial" size="2">When I make a new HTTP request from the client to
the server, tcpdump displays the information
below</font></div></font></div>
<div><font face="Arial" size="2"></font> </div>
<div><font face="Arial" size="2">tcpdump on client</font></div>
<div><font face="Arial" size="2"># tcpdump | grep <a href="http://172.16.44.10" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">172.16.44.10</a></font></div>
<div><font face="Arial" size="2">16:10:57.975579 802.1Q vlan#3 P0
172.16.44.10.60080 > 192.168.88.166.2883: P 0:32(32) ack 1 win 11680
(DF)<br>16:10:57.975611 172.16.44.10.60080 > 192.168.88.166.2883: P
0:32(32) ack 1 win 11680 (DF)<br>16:10:57.975831 192.168.88.166.2883 >
172.16.44.10.60080: R 3812615646:3812615646(0) win 0<br>16:10:57.975860
802.1Q vlan#3 P0 192.168.88.166.2883 > 172.16.44.10.60080: R
3812615646:38126156</font></div>
<div><font face="Arial" size="2"></font> </div>
<div><font face="Arial" size="2">tcpdump on server</font></div>
<div><font face="Arial" size="2">
<div><font face="Arial" size="2"># tcpdump | grep <a href="http://172.16.44.10" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">172.16.44.10</a></font></div></font></div>
<div><font face="Arial" size="2">16:10:57.538207 arp who-has <a href="http://192.168.88.10" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">192.168.88.10</a> tell <a href="http://172.16.44.10" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
172.16.44.10</a></font></div>
<div><font face="Arial" size="2"></font> </div>
<div><font face="Arial" size="2">My question is how to prevent the client from seeing
the dummy IP address?</font></div>
<div><font face="Arial" size="2"></font> </div>
<div><font face="Arial" size="2">ZhouLi</font></div></div></blockquote>
<div><br></div>
<div><br>Does TProxy work in bridge mode - you appear to have the same network
address/mask on both zorp interfaces - is this correct? Or is this on a VMWare
system? <br><br></div></div></span></div></blockquote></div></blockquote></div>