Hello, thanks for this information. I'm using zorp 3.1.12 with tproxy 4.0.3 on kernel 2.6.22.

I think that the tproxy table is after the nat table, as if I disable my netmap rules (prerouting) in the nat table, the redirection to zorp works. So I need to use only netmap on postrouting in the nat table for source NAT, and use OneToOneMultiNat in the zorp configuration for destination NAT (I have to do source and destination NAT on the same box). But, in this case, the requests sent by zorp to the destination server are done with the box's IP and not the client's IP.

For now:
1/ Source NAT is done in the postrouting nat table with the Netmap target
2/ Destination NAT is done by zorp (OneToOneMultiNat)

How can I force zorp to use the client's IP as source IP when it connects to the destination server?

Thanks a lot.

2007/11/9, Laszlo Attila Toth <panther@balabit.hu>:
Hello,
Mohamed Badri wrote:
Hi,
I'm running Linux 2.6.22, Iptables 1.3.8, with Tproxy 4.0.3 patches
I've added the following rules in iptables:
iptables -t tproxy -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j TPROXY --on-port 50080
iptables -t tproxy -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j TPROXY --on-port 50080
but nothing happens, connections to port 80 are not redirected to local port 50080.
Did you use the IP_FREEBIND socket option on the listening socket in your program? Without it, tproxy only works if you load iptable_tproxy with the tproxy_any=1 module parameter:
modprobe iptable_tproxy tproxy_any=1
Can I use NETMAP target in nat table while using tproxy ?
I'm not sure, probably not. The tproxy table is before nat; also, if the TPROXY target changes the local route (the packet is diverted), then NETMAP may change this as well, and the packets may not arrive at the listening socket.
-- Panther
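What the two halves of this thread are talking about, as an added example that is not code from the original posts, from Zorp or from the tproxy project: a minimal tproxy4-style transparent listener in C. It marks the listening socket with IP_FREEBIND (the option Panther asks about, the alternative to loading iptable_tproxy with tproxy_any=1), reads the client's original destination off the accepted connection with getsockname(), and opens the outgoing socket bound to the client's own address so the server sees the client's IP as source, which is what Mohamed's question asks for. The address 0.0.0.0 and port 50080 are taken from the rules in the thread; that the outgoing non-local bind is also done with IP_FREEBIND under the tproxy 4.0.x patches is an assumption (mainline kernels since 2.6.28 use IP_TRANSPARENT, which needs CAP_NET_ADMIN, for this), and the relay loop between the two sockets is left out.

```c
/* tproxy4-style transparent listener: added example, not code from the
 * thread, Zorp or the tproxy project. Build: gcc -Wall -o tlisten tlisten.c
 * Assumes the tproxy 4.0.x patches on 2.6.22 as in the thread, where a
 * socket that should receive diverted connections is marked IP_FREEBIND. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Listening socket the TPROXY target can divert connections to.
 * Returns the fd, or -1 with errno set. */
int tproxy_listener(const char *ip, int port)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    int one = 1;
    /* Without IP_FREEBIND the kernel only diverts to this socket when
     * iptable_tproxy was loaded with tproxy_any=1 (see the reply above). */
    if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one) < 0 ||
        setsockopt(fd, IPPROTO_IP, IP_FREEBIND, &one, sizeof one) < 0)
        goto fail;
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1)
        goto fail;
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 128) < 0)
        goto fail;
    return fd;
fail:
    close(fd);
    return -1;
}

/* On a connection diverted by TPROXY, getsockname() reports the address the
 * client originally dialled, not the --on-port the rule redirected to. */
int original_destination(int fd, char *ip, size_t iplen, int *port)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    if (getsockname(fd, (struct sockaddr *)&sa, &len) < 0)
        return -1;
    if (!inet_ntop(AF_INET, &sa.sin_addr, ip, (socklen_t)iplen))
        return -1;
    *port = ntohs(sa.sin_port);
    return 0;
}

/* Outgoing socket bound to the client's (non-local) address so the server
 * sees the client's IP as source. ASSUMPTION: under tproxy 4.0.x this
 * non-local bind is again IP_FREEBIND; mainline >= 2.6.28 uses
 * IP_TRANSPARENT (CAP_NET_ADMIN) for the same thing. */
int outbound_socket_as(const char *client_ip)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    int one = 1;
    struct sockaddr_in src;
    memset(&src, 0, sizeof src);
    src.sin_family = AF_INET;
    src.sin_port = 0; /* kernel picks the source port */
    if (setsockopt(fd, IPPROTO_IP, IP_FREEBIND, &one, sizeof one) < 0 ||
        inet_pton(AF_INET, client_ip, &src.sin_addr) != 1 ||
        bind(fd, (struct sockaddr *)&src, sizeof src) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Accept one diverted connection, print where the client wanted to go and
 * dial it with the client's own address as source (relay loop omitted). */
int main(void)
{
    int lfd = tproxy_listener("0.0.0.0", 50080);
    if (lfd < 0) { perror("tproxy_listener"); return 1; }
    struct sockaddr_in peer; socklen_t plen = sizeof peer;
    int cfd = accept(lfd, (struct sockaddr *)&peer, &plen);
    if (cfd < 0) { perror("accept"); return 1; }
    char client[INET_ADDRSTRLEN], dst[INET_ADDRSTRLEN]; int dport;
    inet_ntop(AF_INET, &peer.sin_addr, client, sizeof client);
    if (original_destination(cfd, dst, sizeof dst, &dport) < 0) { perror("getsockname"); return 1; }
    printf("%s -> %s:%d\n", client, dst, dport);
    struct sockaddr_in d; memset(&d, 0, sizeof d);
    d.sin_family = AF_INET; d.sin_port = htons(dport); inet_pton(AF_INET, dst, &d.sin_addr);
    int sfd = outbound_socket_as(client);
    if (sfd < 0 || connect(sfd, (struct sockaddr *)&d, sizeof d) < 0) { perror("connect"); return 1; }
    close(sfd); close(cfd); close(lfd);
    return 0;
}
```

Run as root on the box carrying the tproxy rules; a connection to any port 80 host through eth0 or eth1 then lands on this listener and is printed as client -> original destination. The non-local binds themselves need no privilege, so tproxy_listener() and outbound_socket_as() can be exercised on any Linux host with an address such as 192.0.2.1 that is not configured locally.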