Hello, The Linux kernel 2.6.17 and 2.6.22 differs in the netfilter code, also tproxy patch differs a little bit too. The tproxy target is ipt_TPROXY in 2.6.17 and xt_TPROXY in 2.6.22, but both version will be xt_TPROXY. On Thursday 09 August 2007 09.16.40 Ondrej Kraus wrote:
#!/bin/sh [ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_TPROXY.h ] && echo TPROXY [ -f $KERNEL_DIR/net/ipv4/netfilter/ipt_tproxy.c ] && echo tproxy
Tested files are not included in kernel patch. I found ipt_TPROXY.h in patch for Ubuntu kernel and ipt_TPROXY.c in the same patch, but not ipt_tproxy.c.
The current files: * tproxy table net/ipv4/netfilter/iptable_tproxy.c * tproxy target In ubuntu-2.6.17 (it will be the same as in 2.6.22) net/ipv4/netfilter/ipt_TPROXY.c include/linux/netfilter_ipv4/ipt_TPROXY.h in 2.6.22 net/netfilter/xt_TPROXY.c include/linux/netfilter/xt_TPROXY.h * tproxy match net/netfilter/xt_tproxy.c
# iptables -A INPUT -m tproxy -j ACCEPT produces 'Invalid argument'
Strange. 2.6.17 works well. I will check it.
I think that it is obvious that I am new in Zorp/tproxy and these problems might be very trivial to resolve, but I cannot find anything useful to find resolusion.
TProxy 4 is new and the 2.6.22 is not fully tested: when INPUT chain empty in the filter table and its default policy is accept it works. -- Regards, Laszlo Attila Toth