On Mon, 2009-03-02 at 12:16 -0800, Pranav Desai wrote:
Hello All,
I am having some trouble redirecting port 80 traffic to 8080 using tproxy for transparent proxying. The SYNs come in but there is no SYN-ACK going out. The iptables -L does show the rules being matched.
tcpdump output
--------------------
# tcpdump -nn -i eth1 port 8080 or port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
12:12:30.973583 IP 13.1.1.1.34879 > 172.16.55.205.80: S 2941026950:2941026950(0) win 5840 <mss 1460,sackOK,timestamp 3948186312 0,nop,wscale 7>
12:12:33.974329 IP 13.1.1.1.34879 > 172.16.55.205.80: S 2941026950:2941026950(0) win 5840 <mss 1460,sackOK,timestamp 3948189312 0,nop,wscale 7>

Kernel (with tproxy enabled) and Iptables Version
--------------------------------------------------------------
# iptables -V
iptables v1.4.3-rc1
# uname -a
Linux dev 2.6.28.3 #1 SMP Sun Mar 1 23:13:20 PST 2009 x86_64 x86_64 x86_64 GNU/Linux
I am only trying to get the first step of redirection working.
Are these instructions in the README enough, or do I need anything else?
<instructions>
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --on-port <proxyport> --tproxy-mark 0x1/0x1
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
</instructions>
I do have 2 interfaces, does that have anything to do with the problem?
I have even tried with the other mangle rules (the rules for socket match) given in the README, but still no difference. I have given some details below, but let me know if you need any other details.
Thanks
-- Pranav
Hmm, can you check that the SYN packets arrive at the filter/INPUT chain as well? Just add a LOG rule in your INPUT chain.
-- Bazsi
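
The check suggested in the reply above, as an added example that is not part of the original thread: it compares SYNs logged at mangle/PREROUTING with SYNs logged at filter/INPUT to see where the packet stops. The PREROUTING rule goes beyond the reply's suggestion; the LOG prefixes, function names and abridged log lines are constructed assumptions.

```bash
#!/usr/bin/env bash
# Added example; LOG prefixes and log lines are constructed, not from the thread.
#
# Rules to insert as root before reproducing the connection (not run here).
# -I places the PREROUTING rule ahead of the TPROXY rule so the SYN is logged first:
#   iptables -t mangle -I PREROUTING -p tcp --dport 80 --syn -j LOG --log-prefix "tproxy-pre: "
#   iptables -I INPUT -p tcp --dport 80 --syn -j LOG --log-prefix "tproxy-input: "

# Count logged SYNs to TCP port 80 carrying the given LOG prefix.
# $1 = LOG prefix, $2 = kernel log text
count_syns() {
    printf '%s\n' "$2" | awk -v p="$1" '
        index($0, p) && / PROTO=TCP / && / DPT=80 / && / SYN / { n++ }
        END { print n + 0 }'
}

# Compare the two hook points and report where the SYN stops.
# $1 = kernel log text
diagnose() (
    pre=$(count_syns "tproxy-pre: " "$1")
    input=$(count_syns "tproxy-input: " "$1")
    if [ "$pre" -eq 0 ]; then
        echo "no SYN at mangle/PREROUTING"
    elif [ "$input" -eq 0 ]; then
        echo "SYN lost between mangle/PREROUTING and filter/INPUT"
    else
        echo "SYN reaches filter/INPUT"
    fi
)

# Constructed log (fields abridged): two SYNs seen in PREROUTING, none in INPUT.
SAMPLE_LOST='kernel: tproxy-pre: IN=eth1 OUT= SRC=13.1.1.1 DST=172.16.55.205 PROTO=TCP SPT=34879 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
kernel: tproxy-pre: IN=eth1 OUT= SRC=13.1.1.1 DST=172.16.55.205 PROTO=TCP SPT=34879 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0'

# Constructed log (fields abridged): the same SYN seen at both hook points.
SAMPLE_OK='kernel: tproxy-pre: IN=eth1 OUT= SRC=13.1.1.1 DST=172.16.55.205 PROTO=TCP SPT=34879 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
kernel: tproxy-input: IN=eth1 OUT= SRC=13.1.1.1 DST=172.16.55.205 PROTO=TCP SPT=34879 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0'

diagnose "$SAMPLE_LOST"
diagnose "$SAMPLE_OK"
```

On a live host, pass the kernel log text (for example the output of dmesg) as the argument to diagnose.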