Ravi Valmikam wrote:
However, I am having trouble with the server side socket. I successfully bound the socket to a foreign address (client's IP and port 0) and initiated a connection to the real server. The TCP SYN is going out of the box and SYN ACK is coming in. But this SYN ACK does not make it into the socket layer (or at least my program) and the socket stays in SYN_SENT state until timeout.
Can you please help me with this? It feels so close but ...
Cameron Schaus wrote:
This is a shot in the dark, but does your server have the correct ARP entry for the client? Unless your proxy is physically inline, the server will have the client machine's MAC for the client IP, and not the proxy MAC. Therefore packets will be sent directly to the client, which is not what you want.
In the past I have added the client MAC as a static ARP entry on the server to work around this issue (for testing).
Cam
As far as I know that's an expected behaviour, because the return path is destined for the foreign IP and not the proxy. Adding a static ARP entry works for testing only, as this will result in too many ARP entries in a live network. Either set up the system as a bridge (and hence capable of hijacking the return path), or have the return path go through some routers that will route the packets to your proxy. Cheers.