On Thursday 02 August 2007 00.03.35 Cameron Schaus wrote:
On Tue, Jul 31, 2007 at 12:31:35PM +0200, Laszlo Attila Toth wrote:
TProxy version 4.0.0 has been released for Linux 2.6.17 (Ubuntu 2.6.17.1-12.39) and 2.6.23-rc1
I downloaded the TProxy version 4.0.0 tarball for 2.6.17, patched and built myself a kernel. I am now trying to get a test foreign-tcp-connect program working to test my kernel. But, I must be missing something, because my test program is not working.
Here is what I've done:
- loaded the tproxy modules on the client test machine
  # modprobe xt_proxy
  # modprobe iptable_tproxy tproxy_any=1
- added a static arp entry for the foreign address on my web server pointing to the client test machine
- execute my C program on the client machine, which essentially does the following (I can post the code if it is helpful)
    sock = socket(AF_INET, SOCK_STREAM, 0);
    setsockopt(sock, SOL_IP, IP_FREEBIND, &sockopt, sizeof(sockopt));
    /* local bind */
    bind( sock, FOREIGN_IP, FOREIGN_PORT );
    connect( sock, REMOTE_IP, REMOTE_PORT );
The connect hangs while the client machine (running the foreign connect program) sends out ARP packets asking who-has the foreign address.
What am I missing in the above steps to get my foreign-connect program working?
Hello,
For binding to a foreign address you should echo 1 into the /proc/sys/net/ipv4/ip_nonlocal_bind file; this may help. By the way, if you set IP_FREEBIND you don't need to use the tproxy_any=1 module parameter. In the tproxy table it is tested whether either IP_FREEBIND or tproxy_any is set. Hm, it seems I should write these into the README file, which is still a bit outdated.
Lastly, I noticed the set of diffs published does not include the IP_TRANSPARENT socket option. Has this setsockopt been dropped?
Yes, it is dropped. It is unnecessary since IP_FREEBIND is enough for transparent proxying.
Thanks, Cam
-- Regards, Laszlo Attila Toth