Hello,
I am new to the list, and couldn’t find this discussed
in the archives:
Does anyone have a working version of nc/netcat that
supports tproxy? There appear to be several implementations of netcat,
but I only found patches for a version that appears not to be available any
longer. I made a patch to netcat, but it’s not working and so I am
not certain if it’s a problem with my patch or my iptables setup
(probably the latter). Specific links to versions of netcat and patch for
it would be appreciated.
I do have kernel 2.6.29.3 and latest (or at least not more
than a couple months old) iptables.
A quick sanity check that the following is possible:
(99.9% sure based on other comments on the list)
1. Want to have a box with two NICs between the internet
and local machines, basically a router. (Although a bridge might be even better).
2. Have that machine intercept all connections from local
machines -> internet with tproxy on all ports, and create matching connections
using src ip of original machines -> internet. (Interception of connections
the other way, internet -> local machines is not required, but will not hurt,
but obviously they have to be able to at least forward through ok).
3. Do some custom stuff on the streams mainly for
monitoring, and also a little manipulation (mainly http redirects).
Assuming the above is possible, will it be possible to keep
the same source port number on the outgoing connections? (Which would
mean two connections with the same src/dst pairs, but communicating on
different interfaces).
What should the iptables rules look like for this to
function?
Most of the examples I found are for more specific cases,
such as for use with squid on just port 80. I am not certain I understand
fully the interaction between the rules for iptables and the interaction with tproxy.
Is there someplace this is all documented, along with all the details from a
programmer perspective such as the use of setsockopt? (I think I just need
updated man pages?)
Thanks in advance for any help/advice.
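The following is an added example, not code from the original post, from netcat, or from any tproxy patch: a minimal transparent TCP interceptor in C for Linux that shows the pieces the post asks about together, the iptables/ip-rule setup (the standard rule set from the kernel's tproxy documentation, quoted in the header comment) and the setsockopt(IP_TRANSPARENT) calls on both the accepting and the outgoing socket. The interface name eth1, the listener port 8080, the mark value 1 and routing table 100 are assumptions chosen for this example. It must run as root (CAP_NET_ADMIN) on the router box for the transparent socket options to be accepted.

```c
/* Added example (not from the original post or any netcat/tproxy project):
 * a minimal transparent TCP interceptor for Linux. It assumes the TPROXY
 * rule set from the kernel's tproxy documentation, with the LAN-facing NIC
 * named eth1 and the listener on port 8080 (both chosen for this example):
 *   iptables -t mangle -N DIVERT
 *   iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
 *   iptables -t mangle -A DIVERT -j MARK --set-mark 1
 *   iptables -t mangle -A DIVERT -j ACCEPT
 *   iptables -t mangle -A PREROUTING -i eth1 -p tcp \
 *       -j TPROXY --tproxy-mark 0x1/0x1 --on-port 8080
 *   ip rule add fwmark 1 lookup 100
 *   ip route add local 0.0.0.0/0 dev lo table 100
 */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>   /* sockaddr_in and IP_TRANSPARENT (glibc on Linux) */
#include <stdio.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

/* Fill a sockaddr_in from dotted-quad text and a host-order port; 0 on success. */
int make_addr(const char *ip, unsigned short port, struct sockaddr_in *sa)
{
    *sa = (struct sockaddr_in){0};
    sa->sin_family = AF_INET;
    sa->sin_port = htons(port);
    return inet_pton(AF_INET, ip, &sa->sin_addr) == 1 ? 0 : -1;
}

/* The setsockopt the post asks about: IP_TRANSPARENT lets a socket accept or
 * bind non-local addresses. Needs CAP_NET_ADMIN; returns 0, or -1 with errno. */
int set_transparent(int fd)
{
    int one = 1;
    return setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &one, sizeof one);
}

/* Listener on 0.0.0.0:port receiving every flow the TPROXY target diverts. */
int open_transparent_listener(unsigned short port)
{
    struct sockaddr_in sa;
    int one = 1, fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    if (set_transparent(fd) < 0 || make_addr("0.0.0.0", port, &sa) < 0
        || bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 128) < 0) {
        int saved = errno; close(fd); errno = saved; return -1;
    }
    return fd;
}

/* Upstream leg bound to the client's own IP (and, with keep_port, its original
 * source port, the case the post asks about) before connecting to the original
 * destination. Replies are pulled back in by the "-m socket" rule above. */
int connect_as_client(const struct sockaddr_in *client,
                      const struct sockaddr_in *origdst, int keep_port)
{
    struct sockaddr_in src = *client;
    if (!keep_port) src.sin_port = 0;              /* kernel picks a free port */
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (set_transparent(fd) < 0 || bind(fd, (struct sockaddr *)&src, sizeof src) < 0
        || connect(fd, (const struct sockaddr *)origdst, sizeof *origdst) < 0) {
        int saved = errno; close(fd); errno = saved; return -1;
    }
    return fd;
}

/* Copy bytes both ways until one side closes; buf is where a monitoring or
 * rewriting hook (e.g. an HTTP redirect) would look at the stream. */
void relay(int a, int b)
{
    char buf[4096];
    for (;;) {
        fd_set rd; FD_ZERO(&rd); FD_SET(a, &rd); FD_SET(b, &rd);
        if (select((a > b ? a : b) + 1, &rd, NULL, NULL, NULL) < 0) return;
        int from = FD_ISSET(a, &rd) ? a : b, to = (from == a) ? b : a;
        ssize_t n = read(from, buf, sizeof buf);
        if (n <= 0) return;
        for (ssize_t off = 0, w; off < n; off += w)
            if ((w = write(to, buf + off, n - off)) <= 0) return;
    }
}

int main(void)
{
    int lfd = open_transparent_listener(8080);
    if (lfd < 0) { perror("listener"); return 1; }
    for (;;) {
        struct sockaddr_in client, origdst;
        socklen_t len = sizeof client;
        int cfd = accept(lfd, (struct sockaddr *)&client, &len);
        if (cfd < 0) continue;
        len = sizeof origdst;   /* on a TPROXY socket this is the original destination */
        getsockname(cfd, (struct sockaddr *)&origdst, &len);
        int ufd = connect_as_client(&client, &origdst, 0);
        if (ufd < 0) perror("upstream"); else { relay(cfd, ufd); close(ufd); }
        close(cfd);
    }
}
```

Build with `gcc -Wall -o tproxy-demo tproxy-demo.c` and start it as root on the router after loading the rules. Two points are worth checking rather than assuming: getsockname() on the accepted socket yields the original destination only because TPROXY diverts the packets without rewriting them (unlike REDIRECT/DNAT, where SO_ORIGINAL_DST would be needed), and the keep_port=1 path, which binds the upstream socket to the client's original source port, is the exact case the post raises; whether a given kernel accepts the two coexisting four-tuples is something to verify on that kernel, so the example defaults to letting the kernel choose a port.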