Have any of you seen this before?

I followed instructions in README, but to no avail.

Apologies if this is obvious but I am from a FreeBSD background, linux is not my normal OS so environment is foreign to me.

Regards, Lachlan

root@syd-log01:/root/tproxy-4.0.1-2.6.22# uname -a
Linux syd-log01 2.6.22.3 #1 SMP Tue Aug 28 21:54:20 EST 2007 i686 GNU/Linux
root@syd-log01:/root/tproxy-4.0.1-2.6.22# iptables -t tproxy -A PREROUTING -j TPROXY --on-port 3128
iptables v1.3.8: Unknown arg `--on-port'
Try `iptables -h' or 'iptables --help' for more information.
root@syd-log01:/root/tproxy-4.0.1-2.6.22# iptables -t tproxy -A PREROUTING -j TPROXY
iptables v1.3.8: Couldn't load target `TPROXY':/usr/local/lib/iptables/libipt_TPROXY.so: cannot open shared object file: No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
root@syd-log01:/root/tproxy-4.0.1-2.6.22# lsmod | grep iptable
iptable_filter 3104 0
iptable_tproxy 6468 0
ip_tables 12420 2 iptable_filter,iptable_tproxy
root@syd-log01:/root/tproxy-4.0.1-2.6.22#
Hello,

I forgot to set address family in libxt_tproxy.c (match), but libxt_TPROXY.c (target) works well. Patch is attached.

You should use the target as:

iptables -t tproxy -A PREROUTING -p tcp <other options> -j TPROXY <other parameters>
or
iptables -t tproxy -A PREROUTING -p udp <other options> -j TPROXY <other parameters>
and
iptables -A INPUT -m tproxy -j ACCEPT

TPROXY target should be used only in the tproxy table's PREROUTING chain and tproxy match should be used in filter table's INPUT chain. Also you shouldn't write ... -m tproxy ... -j TPROXY

Lachlan Bowes wrote:
Have any of you seen this before?
I followed instructions in README, but to no avail.
Apologies if this is obvious but I am from a FreeBSD background, linux is not my normal OS so environment is foreign to me.
Regards, Lachlan
root@syd-log01:/root/tproxy-4.0.1-2.6.22# uname -a
Linux syd-log01 2.6.22.3 #1 SMP Tue Aug 28 21:54:20 EST 2007 i686 GNU/Linux
root@syd-log01:/root/tproxy-4.0.1-2.6.22# iptables -t tproxy -A PREROUTING -j TPROXY --on-port 3128
iptables v1.3.8: Unknown arg `--on-port'
Try `iptables -h' or 'iptables --help' for more information.
root@syd-log01:/root/tproxy-4.0.1-2.6.22# iptables -t tproxy -A PREROUTING -j TPROXY
iptables v1.3.8: Couldn't load target `TPROXY':/usr/local/lib/iptables/libipt_TPROXY.so: cannot open shared object file: No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
root@syd-log01:/root/tproxy-4.0.1-2.6.22# lsmod | grep iptable
iptable_filter 3104 0
iptable_tproxy 6468 0
ip_tables 12420 2 iptable_filter,iptable_tproxy
root@syd-log01:/root/tproxy-4.0.1-2.6.22#
-- Panther
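
The placement rules given in the reply above (TPROXY target only in the tproxy table's PREROUTING chain with -p tcp or -p udp, tproxy match only in the filter table's INPUT chain, never both in one rule) can be checked before a rule is loaded. This is an added example, not part of the original messages or the tproxy package; the function name check_tproxy_rule and its problem codes are made up for illustration, and the sample rules are constructed from the commands quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): lint iptables argument strings against
# the TPROXY target / tproxy match placement rules stated in the reply.

# check_tproxy_rule "<arguments that would follow 'iptables'>"
# Prints "ok" or a space-separated list of problem codes (hypothetical names);
# returns 0 only when the rule passes.
check_tproxy_rule() {
    table=filter chain='' proto='' target='' has_match=no problems=''
    # Split the rule string into words without expanding globs.
    set -f; set -- $1; set +f
    while [ $# -gt 0 ]; do
        opt=$1 arg=${2-}
        case $opt in
            -t) table=$arg ;;          # iptables defaults to the filter table
            -A|-I) chain=$arg ;;
            -p) proto=$arg ;;
            -j) target=$arg ;;
            -m) if [ "$arg" = tproxy ]; then has_match=yes; fi ;;
        esac
        shift
    done

    if [ "$target" = TPROXY ]; then
        # Target: tproxy table, PREROUTING chain, explicit tcp or udp.
        [ "$table" = tproxy ] || problems="$problems target-table"
        [ "$chain" = PREROUTING ] || problems="$problems target-chain"
        case "$proto" in
            tcp|udp) ;;
            *) problems="$problems target-proto" ;;
        esac
    fi
    if [ "$has_match" = yes ]; then
        if [ "$target" = TPROXY ]; then
            # "-m tproxy ... -j TPROXY" must not appear in one rule.
            problems="$problems match-with-target"
        else
            # Match: filter table, INPUT chain.
            [ "$table" = filter ] || problems="$problems match-table"
            [ "$chain" = INPUT ] || problems="$problems match-chain"
        fi
    fi

    if [ -z "$problems" ]; then
        echo ok
        return 0
    fi
    echo "${problems# }"
    return 1
}

# Constructed sample rules; the second is the command from the first message.
while IFS= read -r rule; do
    printf '%-58s => %s\n' "$rule" "$(check_tproxy_rule "$rule" || true)"
done <<'EOF'
-t tproxy -A PREROUTING -p tcp -j TPROXY --on-port 3128
-t tproxy -A PREROUTING -j TPROXY --on-port 3128
-A INPUT -m tproxy -j ACCEPT
-A INPUT -p tcp -m tproxy -j TPROXY
EOF
```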
Hello Laszlo,

I am still seeing this problem.

root@syd-log01:/etc# iptables -A INPUT -m tproxy -j ACCEPT
iptables v1.3.8: Couldn't load match `tproxy':/usr/local/lib/iptables/libipt_tproxy.so: cannot open shared object file: No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
root@syd-log01:/etc# ls -la /usr/local/lib/iptables/libipt_tproxy.so
ls: /usr/local/lib/iptables/libipt_tproxy.so: No such file or directory
root@syd-log01:/etc# locate libipt_tproxy.so
root@syd-log01:/etc# locate libipt_tproxy.c
/usr/src/iptables-1.3.8/extensions/libipt_tproxy.c
root@syd-log01:/etc#

So my problem is more that I cannot get libipt_tproxy.c to compile.

root@syd-log01:/usr/src/iptables-1.3.8# make > make.log
libiptc/libip4tc.c:130: warning: ‘dump_entry’ defined but not used
ar: creating libiptc/libiptc.a
libiptc/libip6tc.c:135: warning: ‘dump_entry’ defined but not used
ar: creating libipq/libipq.a
root@syd-log01:/usr/src/iptables-1.3.8# grep tproxy make.log
root@syd-log01:/usr/src/iptables-1.3.8#

Laszlo Attila Toth wrote:
Hello,
I forgot to set address family in libxt_tproxy.c (match), but libxt_TPROXY.c (target) works well. Patch is attached.
You should use the target as:
iptables -t tproxy -A PREROUTING -p tcp <other options> -j TPROXY <other parameters>
or
iptables -t tproxy -A PREROUTING -p udp <other options> -j TPROXY <other parameters>
and
iptables -A INPUT -m tproxy -j ACCEPT
TPROXY target should be used only in the tproxy table's PREROUTING chain and tproxy match should be used in filter table's INPUT chain. Also you shouldn't write ... -m tproxy ... -j TPROXY
Hello,

which version of TProxy do you use? libipt_tproxy.c exists only in old versions up to 4.0.0. But since 4.0.1 it is libxt_tproxy.c. Directory name is tproxy-4.0.1-2.6.22 - it should work. I cannot figure out how the filename can differ from that one if the iptables source directory is /usr/src/iptables-1.3.8 and you used the patch named as iptables-r7008-tproxy.diff plus the patch in my previous letter.

By the way what is the output of extensions/.tproxy-testx script?

There is a newer release of tproxy: 4.0.2 - a small fix with modified iptables.

707ada21efaa107a5c0d7218c5284239 tproxy-4.0.2-2.6.22.tgz

Lachlan Bowes wrote:
Hello Laszlo,
I am still seeing this problem.
root@syd-log01:/etc# iptables -A INPUT -m tproxy -j ACCEPT
iptables v1.3.8: Couldn't load match `tproxy':/usr/local/lib/iptables/libipt_tproxy.so: cannot open shared object file: No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
root@syd-log01:/etc# ls -la /usr/local/lib/iptables/libipt_tproxy.so
ls: /usr/local/lib/iptables/libipt_tproxy.so: No such file or directory
root@syd-log01:/etc# locate libipt_tproxy.so
root@syd-log01:/etc# locate libipt_tproxy.c
/usr/src/iptables-1.3.8/extensions/libipt_tproxy.c
root@syd-log01:/etc#
So my problem is more that I cannot get libipt_tproxy.c to compile.
root@syd-log01:/usr/src/iptables-1.3.8# make > make.log
libiptc/libip4tc.c:130: warning: ‘dump_entry’ defined but not used
ar: creating libiptc/libiptc.a
libiptc/libip6tc.c:135: warning: ‘dump_entry’ defined but not used
ar: creating libipq/libipq.a
root@syd-log01:/usr/src/iptables-1.3.8# grep tproxy make.log
root@syd-log01:/usr/src/iptables-1.3.8#
Hello Laszlo,

I downloaded the latest tproxy version and tried from scratch and attempted the below.

root@syd-log01:/root# tar -zxf tproxy-4.0.2-2.6.22.tgz
root@syd-log01:/root# cd /usr/src/iptables-1.3.6/
root@syd-log01:/usr/src/iptables-1.3.6# cat /root/tproxy-4.0.2-2.6.22/patches/
iptables-svn.diff tproxy.diff
root@syd-log01:/usr/src/iptables-1.3.6# cat /root/tproxy-4.0.2-2.6.22/patches/iptables-svn.diff | patch -p1
patching file extensions/libip6t_tproxy.man
patching file extensions/libipt_tproxy.man
patching file extensions/libipt_TPROXY.man
patching file extensions/libxt_tproxy.c
patching file extensions/libxt_TPROXY.c
patching file extensions/libxt_tproxy.c.old
patching file extensions/Makefile
Hunk #1 succeeded at 25 (offset -4 lines).
Hunk #2 succeeded at 127 (offset -19 lines).
Hunk #3 succeeded at 141 (offset -19 lines).
Hunk #4 succeeded at 155 (offset -19 lines).
Hunk #5 succeeded at 169 (offset -19 lines).
patching file extensions/.tproxy-testx
root@syd-log01:/usr/src/iptables-1.3.6# chmod +x extensions/.tproxy-testx
root@syd-log01:/usr/src/iptables-1.3.6# make KERNDIR=/usr/src/linux > make.log
libiptc/libip4tc.c:130: warning: ‘dump_entry’ defined but not used
ar: creating libiptc/libiptc.a
libiptc/libip6tc.c:135: warning: ‘dump_entry’ defined but not used
ar: creating libipq/libipq.a
root@syd-log01:/usr/src/iptables-1.3.6# grep -i proxy make.log
root@syd-log01:/usr/src/iptables-1.3.6# ls -la extensions/ | grep -i proxy
-rw-r--r-- 1 root root 51 2007-09-04 16:40 libip6t_tproxy.man
-rw-r--r-- 1 root root 51 2007-09-04 16:40 libipt_tproxy.man
-rw-r--r-- 1 root root 790 2007-09-04 16:40 libipt_TPROXY.man
-rw-r--r-- 1 root root 1914 2007-09-04 16:40 libxt_tproxy.c
-rw-r--r-- 1 root root 3065 2007-09-04 16:40 libxt_TPROXY.c
-rw-r--r-- 1 root root 1495 2007-09-04 16:40 libxt_tproxy.c.old
-rwxr-xr-x 1 root root 100 2007-09-04 16:40 .tproxy-testx
root@syd-log01:/usr/src/iptables-1.3.6# /usr/src/iptables-1.3.6/extensions/.tproxy-testx
root@syd-log01:/usr/src/iptables-1.3.6# locate xt_TPROXY.h
/usr/src/linux-2.6.22.3/include/linux/netfilter/xt_TPROXY.h
root@syd-log01:/usr/src/iptables-1.3.6# export KERNEL_DIR="/usr/src/linux"
root@syd-log01:/usr/src/iptables-1.3.6# /usr/src/iptables-1.3.6/extensions/.tproxy-testx
TPROXY tproxy
root@syd-log01:/usr/src/iptables-1.3.6# make clean
(( removed all the usual stuff ))
root@syd-log01:/usr/src/iptables-1.3.6# make KERNDIR=/usr/src/linux > make.log
libiptc/libip4tc.c:130: warning: ‘dump_entry’ defined but not used
ar: creating libiptc/libiptc.a
libiptc/libip6tc.c:135: warning: ‘dump_entry’ defined but not used
ar: creating libipq/libipq.a
root@syd-log01:/usr/src/iptables-1.3.6# grep -i proxy make.log
root@syd-log01:/usr/src/iptables-1.3.6# /usr/src/iptables-1.3.6/extensions/.tproxy-testx
TPROXY tproxy
root@syd-log01:/usr/src/iptables-1.3.6#

Regards, Lachlan

Laszlo Attila Toth wrote:
Hello,
which version of TProxy do you use? libipt_tproxy.c exists only in old versions up to 4.0.0. But since 4.0.1 it is libxt_tproxy.c. Directory name is tproxy-4.0.1-2.6.22 - it should work. I cannot figure out how the filename can differ from that one if the iptables source directory is /usr/src/iptables-1.3.8 and you used the patch named as iptables-r7008-tproxy.diff plus the patch in my previous letter.
By the way what is the output of extensions/.tproxy-testx script?
There is a newer release of tproxy: 4.0.2 - a small fix with modified iptables.
707ada21efaa107a5c0d7218c5284239 tproxy-4.0.2-2.6.22.tgz
Also, Just in addition, I went into /usr/src/iptables-1.3.6/extensions/Makefile and added tproxy to PF_EXT_SLIB

PF_EXT_SLIB:=tproxy ah addrtype comment connlimit connmark conntrack dscp ecn esp hashlimit helper icmp iprange length limit mac mark multiport owner physdev pkttype policy realm rpc sctp standard state tcp tcpmss tos ttl udp unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NFQUEUE NOTRACK REDIRECT REJECT SAME SNAT TARPIT TCPMSS TOS TRACE TTL ULOG

And the resulting make errors like below.

root@syd-log01:/usr/src/iptables-1.3.6# make
Extensions found: IPv4:CLUSTERIP IPv4:connbytes IPv4:dccp IPv4:quota IPv4:recent IPv4:statistic IPv4:string IPv6:ah IPv6:esp IPv6:frag IPv6:ipv6header IPv6:REJECT IPv6:rt
make: *** No rule to make target `extensions/libipt_tproxy_sh.o', needed by `extensions/libipt_tproxy.so'. Stop.
root@syd-log01:/usr/src/iptables-1.3.6

Still looking for libipt_tproxy instead of libxt_tproxy.

I also couldn't find iptables-r7008-tproxy.diff patch in the tproxy package but I did use the iptables patch in the patches directory shown below.

/root/tproxy-4.0.2-2.6.22/patches/iptables-svn.diff | patch -p1

Lachlan Bowes wrote:
Hello Laszlo,
I downloaded the latest tproxy version and tried from scratch and attempted the below.
root@syd-log01:/root# tar -zxf tproxy-4.0.2-2.6.22.tgz
root@syd-log01:/root# cd /usr/src/iptables-1.3.6/
root@syd-log01:/usr/src/iptables-1.3.6# cat /root/tproxy-4.0.2-2.6.22/patches/
iptables-svn.diff tproxy.diff
root@syd-log01:/usr/src/iptables-1.3.6# cat /root/tproxy-4.0.2-2.6.22/patches/iptables-svn.diff | patch -p1
patching file extensions/libip6t_tproxy.man
patching file extensions/libipt_tproxy.man
patching file extensions/libipt_TPROXY.man
patching file extensions/libxt_tproxy.c
patching file extensions/libxt_TPROXY.c
patching file extensions/libxt_tproxy.c.old
patching file extensions/Makefile
Hunk #1 succeeded at 25 (offset -4 lines).
Hunk #2 succeeded at 127 (offset -19 lines).
Hunk #3 succeeded at 141 (offset -19 lines).
Hunk #4 succeeded at 155 (offset -19 lines).
Hunk #5 succeeded at 169 (offset -19 lines).
patching file extensions/.tproxy-testx
root@syd-log01:/usr/src/iptables-1.3.6# chmod +x extensions/.tproxy-testx
root@syd-log01:/usr/src/iptables-1.3.6# make KERNDIR=/usr/src/linux > make.log
libiptc/libip4tc.c:130: warning: ‘dump_entry’ defined but not used
ar: creating libiptc/libiptc.a
libiptc/libip6tc.c:135: warning: ‘dump_entry’ defined but not used
ar: creating libipq/libipq.a
root@syd-log01:/usr/src/iptables-1.3.6# grep -i proxy make.log
root@syd-log01:/usr/src/iptables-1.3.6# ls -la extensions/ | grep -i proxy
-rw-r--r-- 1 root root 51 2007-09-04 16:40 libip6t_tproxy.man
-rw-r--r-- 1 root root 51 2007-09-04 16:40 libipt_tproxy.man
-rw-r--r-- 1 root root 790 2007-09-04 16:40 libipt_TPROXY.man
-rw-r--r-- 1 root root 1914 2007-09-04 16:40 libxt_tproxy.c
-rw-r--r-- 1 root root 3065 2007-09-04 16:40 libxt_TPROXY.c
-rw-r--r-- 1 root root 1495 2007-09-04 16:40 libxt_tproxy.c.old
-rwxr-xr-x 1 root root 100 2007-09-04 16:40 .tproxy-testx
root@syd-log01:/usr/src/iptables-1.3.6# /usr/src/iptables-1.3.6/extensions/.tproxy-testx
root@syd-log01:/usr/src/iptables-1.3.6# locate xt_TPROXY.h
/usr/src/linux-2.6.22.3/include/linux/netfilter/xt_TPROXY.h
root@syd-log01:/usr/src/iptables-1.3.6# export KERNEL_DIR="/usr/src/linux"
root@syd-log01:/usr/src/iptables-1.3.6# /usr/src/iptables-1.3.6/extensions/.tproxy-testx
TPROXY tproxy
root@syd-log01:/usr/src/iptables-1.3.6# make clean
(( removed all the usual stuff ))
root@syd-log01:/usr/src/iptables-1.3.6# make KERNDIR=/usr/src/linux > make.log
libiptc/libip4tc.c:130: warning: ‘dump_entry’ defined but not used
ar: creating libiptc/libiptc.a
libiptc/libip6tc.c:135: warning: ‘dump_entry’ defined but not used
ar: creating libipq/libipq.a
root@syd-log01:/usr/src/iptables-1.3.6# grep -i proxy make.log
root@syd-log01:/usr/src/iptables-1.3.6# /usr/src/iptables-1.3.6/extensions/.tproxy-testx
TPROXY tproxy
root@syd-log01:/usr/src/iptables-1.3.6#
Regards, Lachlan
------------------------------------------------------------------------
_______________________________________________
tproxy mailing list
tproxy@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/tproxy
Hello Lachlan,

The problem is that the tproxy iptables patch uses the latest version in svn, and iptables-1.3.8 doesn't use libxt_* (xtables).

I attached a patch against version 1.3.8 which should work with 1.3.6, too.

Regards, Laszlo

Lachlan Bowes wrote:
Hello Laszlo,
I downloaded the latest tproxy version and tried from scratch and attempted the below.
root@syd-log01:/usr/src/iptables-1.3.6# chmod +x extensions/.tproxy-testx
root@syd-log01:/usr/src/iptables-1.3.6# make KERNDIR=/usr/src/linux > make.log
libiptc/libip4tc.c:130: warning: ‘dump_entry’ defined but not used
ar: creating libiptc/libiptc.a
libiptc/libip6tc.c:135: warning: ‘dump_entry’ defined but not used
ar: creating libipq/libipq.a
root@syd-log01:/usr/src/iptables-1.3.6# grep -i proxy make.log
root@syd-log01:/usr/src/iptables-1.3.6# /usr/src/iptables-1.3.6/extensions/.tproxy-testx
TPROXY tproxy
root@syd-log01:/usr/src/iptables-1.3.6#
Regards, Lachlan
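
The root cause named in the reply above (the iptables binary asks for libipt_*.so while the patch ships libxt_*.c sources) can be read straight off the loader error and the extensions directory. This is an added example, not part of the original messages or the tproxy package; the function name classify_load_error and its result labels are made up for illustration, the error line is the one quoted in the thread, and the directory contents are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): compare the extension library name in
# an iptables "cannot open shared object file" error with the sources present
# in an iptables extensions/ directory.

# classify_load_error "<iptables error line>" <extensions-dir>
# Prints one of (hypothetical labels):
#   not-a-load-error                 the line names no missing .so
#   source-present <file>            expected source exists; it was not built or installed
#   prefix-mismatch <files>          only sources with another lib*_ prefix exist
#   source-missing                   no source for this extension at all
classify_load_error() {
    err=$1 extdir=$2
    # Extract the .so path between "':" and ": cannot open shared object file".
    so=$(printf '%s\n' "$err" |
        sed -n "s|.*':\(/[^:]*\.so\): cannot open shared object file.*|\1|p")
    if [ -z "$so" ]; then
        echo "not-a-load-error"
        return 0
    fi
    base=${so##*/}            # libipt_tproxy.so
    base=${base%.so}          # libipt_tproxy
    prefix=${base%%_*}        # libipt
    name=${base#*_}           # tproxy (case matters: tproxy match vs TPROXY target)

    if [ -f "$extdir/${prefix}_${name}.c" ]; then
        echo "source-present ${prefix}_${name}.c"
        return 0
    fi
    # Look for the same extension under a different naming scheme.
    other=''
    for f in "$extdir"/lib*_"$name".c; do
        if [ -f "$f" ]; then
            other="$other ${f##*/}"
        fi
    done
    if [ -n "$other" ]; then
        echo "prefix-mismatch ${other# }"
    else
        echo "source-missing"
    fi
}

# Error line as quoted in the thread.
SAMPLE_ERR=$(cat <<'EOF'
iptables v1.3.8: Couldn't load match `tproxy':/usr/local/lib/iptables/libipt_tproxy.so: cannot open shared object file: No such file or directory
EOF
)

# Constructed directory mimicking the patched tree: only libxt_* sources exist.
demo_dir=$(mktemp -d)
: > "$demo_dir/libxt_tproxy.c"
: > "$demo_dir/libxt_TPROXY.c"
classify_load_error "$SAMPLE_ERR" "$demo_dir"
rm -rf "$demo_dir"
```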
That has fixed the problem, so iptables has correctly compiled the source, I'll get squid up and running and let you know how it all goes.

Thank you

Regards, Lachlan

Laszlo Attila Toth wrote:
Hello Lachlan,
The problem is that the tproxy iptables patch uses the latest version in svn, and iptables-1.3.8 doesn't use libxt_* (xtables).
I attached a patch against version 1.3.8 which should work with 1.3.6, too.
Regards, Laszlo
participants (2)
- Lachlan Bowes
- Laszlo Attila Toth