Hi there,
 
It turns out that the port isn't being faked either.
 
I'm only able to connect if I set the foreign IP address equal to the local IP address and the foreign port equal to the local port. 
 
A tcpdump at the client shows that the IP headers aren't being modified. It's as if tproxy is creating entries in the hash table (TPROXY_ASSIGN and the subsequent call to setsockopt() is successful), but isn't overwriting the appropriate fields in the IP headers.
 
Any thoughts?
 
N
 


 
On 4/6/06, Nguyen Nguyen <n3nguyen@gmail.com> wrote:
Thanks for the response.
 
Here's my problem: 
I'm running foreign-tcp-connect on a machine (say 1.2.3.4) to fake a source address (say 5.6.7.8 port 9999) when connecting to a web server. I get a connect timeout.
 
At the webserver, when I do a tcpdump, it seems that only the port is being faked, not the IP address.  That is, the tcpdump output shows that I'm trying to connect from 1.2.3.4 port 9999. 
 
If I use 5.6.7.8 as the fake IP address, it works.  Has anyone experienced this problem?  What am I missing? 
 
My setup:
Linux kernel 2.6.15.3 (pristine) patched with tproxy-2.6.15-2.0.4
 
Many thanks,
N


 
On 4/6/06, Jan Engelhardt <jengelh@linux01.gwdg.de> wrote:

>Q:  Is patching the iptables userspace necessary if I just want to fool
>around with the example programs, say foreign-tcp-connect?
>
No, only if you want to modify the kernel ip tables.
(Which is not required if you only want to fake addresses.)


Jan Engelhardt
--