Hi,

The strange thing is that, if I type all those commands, as soon as I
type the last one I can't connect to the server running on port 3128
remotely anymore, not even on the direct IP.

I'm running Linux kernel 3.3.2 (previously tried with 2.6.34).

Any suggestions most welcome...

Kind regards,

Wim

KOVACS Krisztian wrote:
> Hi,
>
> On 04/10/2012 03:32 PM, WG wrote:
>> I'm trying to redirect all IPv6 traffic entering eth0 on port 80 to a
>> locally running proxy server.
>> But for some reason, the remote client gets only a connection timeout. I
>> do see traffic entering eth0 to port 80, but nothing happens.
>>
>> This is what I did :
>> ip -f inet6 rule add fwmark 1 lookup 100
>> ip -f inet6 route add local ::/0 dev lo table 100
>> ip6tables -t mangle -N DIVERT
>> ip6tables -t mangle -A PREROUTING -p tcpo -m socket -j DIVERT
>> ip6tables -t mangle -A DIVERT -j MARK --set-xmark 0x1/0xffffffff
>> ip6tables -t mangle -A DIVERT -j ACCEPT
>> ip6tables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY
>> --tproxy-mark 0x1/0x1 --on-port 3128
>>
>> Any ideas why it doesn't actually connect to port 3128 ? I tried using
>> --on-ip as well, but no difference.
>
> Your rules look OK -- have you tried running netstat -s and see which
> counters are increasing? Or maybe using the Netfilter TRACE target to
> trace your packets through your iptables rules.
>
> Also, you didn't state which version of the kernel you're trying to use.
>
> Cheers,
> Krisztian
>
> .
>
_______________________________________________
tproxy mailing list
tproxy@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/tproxy