tproxy

Download

tproxy@lists.balabit.hu

September 2013

3 participants
2 discussions

TPROXY on ubuntu not working.
by yash cp 18 Nov '13

18 Nov '13

Hello Team, I am trying to configure and use TPROXY as given in the link. http://wiki.squid-cache.org/Features/Tproxy4 My setup includes : A Ubuntu machine with one Network card, but two IP addresses ( one of which is virtual or Alias) Real IP: 192.168.150. 10 -- ( interface to the internet) Virtual IP : 192.168.22.5 -- ( interface to the subnet 192.168.22.0/24) Both the IP's have the same MAC address. When the client( 192.168.22.10) sends connection request, its forwarded to the other port 50001 (Checked with the logs). But the proxy is not responding with SYN-ACK , as a result the connection is not established. I don't know about the internals of the TPROXY. Does it works with matching using IP address and port or with MAC address. Does TPROXY is not supported in this scenario? Best Regards, Yash

4 6

SQUID+TPROXY for assymetric routes
by Henry Pootel 20 Sep '13

20 Sep '13

Hello. I've a scheme +--------+ +---------+ +---------+ +-----+ | client |------| router1 |--------| router2 |------| web | +--------+ +----+----+ +----+----+ +-----+ | | | | | +--------+ | +---| TPROXY |-----+ +--------+ client IP: 10.10.175.111 web IP: 5.5.5.5 The routing is assymetric. Packets from "client" to "web" is go through TPROXY, but from "web" is go directly through "router2" and "router1". The "TPROXY" is an OpenSuSE 12.3 linux computer with Squid 3.2.11 and TPROXY v4.1.0 with kernel Linux 3.7.10-1.16-default. I've attached a diff of tshark dumps of client oungoing and web incoming trafics. My problem is a changing source port on "TPROXY". Is the source port may be changed by squid+tproxy? Can I forbid it and keep client's source port like as client's IP? Thanks, Henry

3 3