I have used this concept with success for a UDP-based application: # IPv6 ip6tables -t mangle -A PREROUTING -i eth0 -p udp --dport 4342 -j TPROXY --tproxy-mark 0x2/0x3 --on-port 4342 ip -6 rule add fwmark 2 lookup 6 ip -6 route add local ::/0 dev eth0 table 6 I didn't go through your rules thoroughly but in your "ip route" instruction, wouldn't you need to specify the dev as eth0? Ramin On Tue, Apr 10, 2012 at 9:32 AM, WG <tproxy@wim.email.be> wrote:
Hi,
I'm trying to redirect all IPv6 traffic entering eth0 on port 80 to a locally running proxy server. But for some reason, the remote client gets only a connection timeout. I do see traffic entering eth0 to port 80, but nothing happens.
This is what I did : ip -f inet6 rule add fwmark 1 lookup 100 ip -f inet6 route add local ::/0 dev lo table 100 ip6tables -t mangle -N DIVERT ip6tables -t mangle -A PREROUTING -p tcpo -m socket -j DIVERT ip6tables -t mangle -A DIVERT -j MARK --set-xmark 0x1/0xffffffff ip6tables -t mangle -A DIVERT -j ACCEPT ip6tables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3128
Any ideas why it doesn't actually connect to port 3128 ? I tried using --on-ip as well, but no difference.
Thanks for any help !
Wim
_______________________________________________ tproxy mailing list tproxy@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/tproxy
-- Ramin