On Thu, Aug 02, 2007 at 01:25:39PM +0200, Laszlo Attila Toth wrote:
For binding to a foreign address you should echo 1 into the /proc/sys/net/ipv4/ip_nonlocal_bind file; this may help.
By the way, if you set IP_FREEBIND you don't need to use the tproxy_any=1 module parameter. In the tproxy table it is tested whether either IP_FREEBIND or tproxy_any is set.
I have tried each of the above methods, but there are still problems. I have tracked the problem down to my use of a bridge. The foreign connect worked correctly on my test machines when I configured a single interface, eth1, with a local IP address, bound to the foreign address and issued the connect. When I configured a bridge and repeated the test, I saw the same behaviour I did yesterday. The machine trying to connect ends up arping the foreign IP address.

Here is what I'm doing:

# modprobe xt_tproxy
# modprobe iptable_tproxy
# sysctl -w net.ipv4.ip_non_local_bind=1
# modprobe bridge
# brctl addbr br0
# brctl addif br0 eth0
# brctl addif br0 eth1
# ifconfig br0 LOCAL_IP netmask LOCAL_MASK
# add static arp for foreign address on web server
# ./foreign-connect (this issues a bind to the foreign IP prior to connecting)

Where can I look to correct this issue? Is iptables prerouting too late when dealing with packets arriving on a bridge interface?

Thanks,
Cam