Hi,

On 01/28/2010 04:53 PM, Stelian Ionescu wrote:
Hello, I'm using kernel 2.6.29 with iptables 1.4.6 and I'm trying to set up a minimal TPROXY. Basically, I've configured another (physical) machine to use my computer as default gateway, then on my machine I've enabled ip_forward and disabled rp_filter everywhere and using these rules:

    ip rule add fwmark 1 lookup 100
    ip route add local 0.0.0.0/0 dev lo table 100
    iptables -t mangle -A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 9999 --tproxy-mark 0x1/0x1

There are no other iptables rules, and all chains default to ACCEPT.
Then, on the remote machine I try to telnet google.com 80, but the connection can't be established. Tcpdump shows that SYN packets arrive but then it's as if they were dropped: they aren't getting to the proxy on port 9999.
Any ideas?

Does your proxy application set the IP_TRANSPARENT socket option on the listener socket?

--
KOVACS Krisztian