Send tproxy mailing list submissions to
tproxy@lists.balabit.hu
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.balabit.hu/mailman/listinfo/tproxyor, via email, send a message with subject or body 'help' to
tproxy-request@lists.balabit.hu
You can reach the person managing the list at
tproxy-owner@lists.balabit.hu
When replying, please edit your Subject line so it is more specific
than "Re: Contents of tproxy digest..."
Today's Topics:
1. Re: TPROXY + Cisco Firewall (Laszlo Attila Toth)
----------------------------------------------------------------------
Message: 1
Date: Mon, 13 Aug 2007 10:13:15 +0200
From: Laszlo Attila Toth
<panther@balabit.hu>
Subject: Re: [tproxy] TPROXY + Cisco Firewall
To: tproxy@lists.balabit.hu
Message-ID: <200708131013.16001.panther@balabit.hu>
Content-Type: text/plain; charset="utf-8"
On Sunday 12 August 2007 00.28.07 Jojy Varghese wrote:
> Hi all
> 3.
> I have verified my changes by creating a REDIRECTION rule in the tproxy
> chain (can list my iptable changes by doing "iptables -t tproxy -L")
Hello,
For instance a client try to connect to a webserver somewhere on the Internet
listening on port 80, and your proxy is listening on port 50080. The iptables
rule that redirects packets to that port is the following:
iptables -t tproxy -p tcp --dport 80 -j TPROXY --on-port 50080
The next one is to allow incomming traffic on that port. Because the TPROXY
target marks the packet, the following rule accepts these
packets:
iptables -t filter -A INPUT -m tproxy -j ACCEPT
A tutorial is available here:
http://www.balabit.hu/network-security/zorp-gateway/gpl/tutorial/--
Regards,
Laszlo Attila Toth
------------------------------
_______________________________________________
tproxy mailing list
tproxy@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/tproxyEnd of tproxy Digest, Vol 26, Issue 11
**************************************