Hi,

On Mon, 2009-11-23 at 13:43 +0100, Andreas Schultz wrote:
I was trying to replace a setup based on a 2.6.27.14 kernel with a 2.6.32-rc8 kernel and found that TPROXY is no longer working.
The 2.6.27.14 kernel had the last stable tproxy patch plus some additional fixes (TIME_WAIT, inet_sk_flowi_flags). Since 2.6.32 is supposed to have working tproxy support, I dropped all patches.
Now, connections to the local tproxy port no longer arrive at that port. From the kernel log:
Nov 23 12:32:31 scg01-wiwob user.debug kernel: tproxy socket lookup: proto 6 ac19c4df:49175 -> c0a80208:80, lookup type: 2, sock (null)
Nov 23 12:32:31 scg01-wiwob user.debug kernel: tproxy socket lookup: proto 6 ac19c4df:49175 -> c0a80208:3128, lookup type: 1, sock debae040
Nov 23 12:32:31 scg01-wiwob user.debug kernel: redirecting: proto 6 c0a80208:80 -> 00000000:3128, mark: 880400a0
The redirecting message is the last indication of the packet. tcpdump shows that no answer for the initial packet goes out and the listening socket is not notified either.
I'll have a look at this. In the meantime, could you please post your kernel config, along with a summary of the iptables & ip rules you're using?

Cheers,
Krisztian