Hi all

I am a newbie who is trying to "proxy" using the tproxy patch. I am unable to get the client IP proxied after doing all the changes mentioned in the README file. In short, here are the things I did so far:

1. Applied the kernel patch, compiled it and have it deployed
2. I have done the user space changes of iptables
3. I have verified my changes by creating a REDIRECTION rule in the tproxy chain (can list my iptable changes by doing "iptables -t tproxy -L")
4. Done the code changes as mentioned in the example section of the patch download.

After doing all the above steps, when I run my proxy server I don't get a response back at my client. When I "tcpdump" my interface, I see the requests do come but then all of them get "RST"ed.

Now my traffic goes through a Cisco firewall. Does that have something to do with it? If not, then what are some troubleshooting ideas?

thanks in advance
Jojy
On Sunday 12 August 2007 00.28.07 Jojy Varghese wrote:
Hi all
3. I have verified my changes by creating a REDIRECTION rule in the tproxy chain (can list my iptable changes by doing "iptables -t tproxy -L")
Hello,

For instance, a client tries to connect to a webserver somewhere on the Internet listening on port 80, and your proxy is listening on port 50080. The iptables rule that redirects packets to that port is the following:

    iptables -t tproxy -p tcp --dport 80 -j TPROXY --on-port 50080

The next one is to allow incoming traffic on that port. Because the TPROXY target marks the packet, the following rule accepts these packets:

    iptables -t filter -A INPUT -m tproxy -j ACCEPT

A tutorial is available here: http://www.balabit.hu/network-security/zorp-gateway/gpl/tutorial/

--
Regards,
Laszlo Attila Toth