I added a static route.
I found the reason.
One of my TP-Link devices has a bug which quietly ignored my static route configuration.
are you sure the reverse direction is routed back through your box? that
On Mon, 2011-05-02 at 19:42 +0800, 文剑 wrote:
> Hi,
>
> I want to write a full transparency proxy too.
>
> Squid and haproxy are so complicated that I can't quickly understand
> how tproxy works.
> And I am new to iptables.
> If there is a sample piece of code which is simple, I think it would
> be helpful.
>
> I wrote some code which failed at initiating connections with a
> foreign address as a source.
> The reason is timeout while attempting connection.
> Where am I wrong?
>
> Thanks.
>
>
> My code:
>
> #include <arpa/inet.h>
> #include <netinet/in.h>
> #include <string.h>
> #include <sys/socket.h>
>
> #define NON_LOCAL_IP "192.168.111.23"
> #define NON_LOCAL_PORT 2000
>
> struct sockaddr_in non_local_addr, dst_addr;
> int optvalue = 1; /* enables the socket options below */
> int sockfd = socket(AF_INET, SOCK_STREAM, 0);
>
> /* source address: an IP that is not configured on this host */
> memset(&non_local_addr, 0, sizeof(non_local_addr));
> non_local_addr.sin_family = AF_INET;
> inet_pton(AF_INET, NON_LOCAL_IP, &non_local_addr.sin_addr);
> non_local_addr.sin_port = htons(NON_LOCAL_PORT);
>
> setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &optvalue, sizeof(optvalue));
> /* IP_TRANSPARENT must be set before bind() to a non-local address */
> setsockopt(sockfd, SOL_IP, IP_TRANSPARENT, &optvalue, sizeof(optvalue));
> bind(sockfd, (struct sockaddr *)&non_local_addr, sizeof(non_local_addr));
>
> /* destination address */
> memset(&dst_addr, 0, sizeof(dst_addr));
> dst_addr.sin_family = AF_INET;
> dst_addr.sin_addr.s_addr = inet_addr("192.168.1.1");
> dst_addr.sin_port = htons(80);
>
> connect(sockfd, (struct sockaddr *)&dst_addr, sizeof(dst_addr)); // ETIMEDOUT
is needed for tproxy to pick up packets.
e.g. the server should route client destined packets using your box as a
gateway.
--
Bazsi
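
An added example, not part of the original thread: the same connect-from-a-foreign-source sequence with every step checked, so a missing privilege, a missing IP_TRANSPARENT and an unrouted return path (the timeout discussed above) can be told apart. The names `spoofed_connect` and `explain` are hypothetical, and the error-to-cause mapping is an assumption based on this thread and standard Linux errno behaviour.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Fill a sockaddr_in from dotted-quad text; returns 0 or -EINVAL. */
static int make_addr(struct sockaddr_in *sa, const char *ip, unsigned short port)
{
    memset(sa, 0, sizeof(*sa));
    sa->sin_family = AF_INET;
    sa->sin_port = htons(port);
    return inet_pton(AF_INET, ip, &sa->sin_addr) == 1 ? 0 : -EINVAL;
}

/* Connect to dst using a foreign (non-local) source address.
 * Returns a connected fd, or the negated errno of the first failing step. */
int spoofed_connect(const char *src_ip, unsigned short src_port,
                    const char *dst_ip, unsigned short dst_port)
{
    struct sockaddr_in src, dst;
    int one = 1, fd, err;

    if (make_addr(&src, src_ip, src_port) || make_addr(&dst, dst_ip, dst_port))
        return -EINVAL;
    if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
        return -errno;
    /* Order matters: IP_TRANSPARENT has to be set before bind(). */
    if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)) < 0 ||
        setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &one, sizeof(one)) < 0 ||
        bind(fd, (struct sockaddr *)&src, sizeof(src)) < 0 ||
        connect(fd, (struct sockaddr *)&dst, sizeof(dst)) < 0) {
        err = errno;
        close(fd);
        return -err;
    }
    return fd;
}

/* Map a spoofed_connect() result to its usual cause in this setup. */
const char *explain(int rc)
{
    switch (-rc) {
    case EPERM:         return "IP_TRANSPARENT needs CAP_NET_ADMIN (root)";
    case EADDRNOTAVAIL: return "bind to non-local address without IP_TRANSPARENT";
    case ETIMEDOUT:     return "SYN sent, replies not routed back through this host";
    default:            return rc < 0 ? strerror(-rc) : "connected";
    }
}
```

Calling `spoofed_connect("192.168.111.23", 2000, "192.168.1.1", 80)` reproduces the setup from the quoted message; a result of `-ETIMEDOUT` means the socket code worked and the routing on the return path is what needs checking.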