Hi, this may be a question for KOVACS Krisztian:

I have experimented with binding to a foreign source address using cttproxy-2.4.25-1.9.3 and the foreign-tcp-connect program. However, I skipped the nat_delete part of the patch as I was not able to apply it.

Foreign-tcp-connect actually works perfectly, with the peer seeing the spoofed address. However, after working, it will consistently fail for several minutes. Then it will work once and the cycle will repeat. I'm guessing this has something to do with the nat_delete patch I skipped.

From the mailing list archives:
> The nat_delete patch has been adapted to the new TCP window-tracking patch by Jozsef Kadlecsik, so this patch needs the current tcp-window-tracking module from the Netfilter Patch-o-matic NG applied. If you don't want to do that, 04-nat_delete.patch can be skipped safely.
I tried this. The tcp-window-tracking patch seemed to apply to the vanilla 2.4.25 kernel successfully. However, the 04-nat_delete.patch still fails to apply (included below).

Any chance of a list of which patches need to be applied to make cttproxy-2.4.25-1.9.3 apply cleanly, including 4-nat_delete.patch?

Regards,
Andrew

/usr/src/linux# patch -p1 < ../cttproxy-2.4.25-1.9.3/patch_tree/04-nat_delete.diff
patching file net/ipv4/netfilter/ip_conntrack_core.c
Hunk #1 FAILED at 357.
1 out of 4 hunks FAILED -- saving rejects to file net/ipv4/netfilter/ip_conntrack_core.c.rej
patching file net/ipv4/netfilter/ip_nat_core.c
Hunk #2 succeeded at 285 with fuzz 1.
patching file net/ipv4/netfilter/ip_conntrack_proto_tcp.c
patching file net/ipv4/netfilter/ip_conntrack_standalone.c
Hunk #1 FAILED at 508.
1 out of 1 hunk FAILED -- saving rejects to file net/ipv4/netfilter/ip_conntrack_standalone.c.rej
patching file include/linux/netfilter_ipv4/ip_conntrack.h
Hunk #3 FAILED at 263.
1 out of 3 hunks FAILED -- saving rejects to file include/linux/netfilter_ipv4/ip_conntrack.h.rej