Hello there, I have some problem with iptables 1.3.8, please point me out where's my error is. I took latest tproxy patches, applied them on kernel 2.6.22.6 and iptables 1.3.8 according to README, I used iptables-1.3.8.diff for iptables-1.3.8.diff but can't add any iptables rules with TPROXY for some reasons. Here's some details about my set up module is loaded # dmesg | grep TPROX IP_TPROXY: Transparent proxy support initialized, version 4.0.0 IP_TPROXY: Copyright (c) 2002-2007 BalaBit IT Ltd. module is loaded # lsmod | grep proxy iptable_tproxy 7620 0 ip_tables 20840 3 iptable_nat,iptable_tproxy,iptable_filter list of rules # iptables -t tproxy -L -n Chain PREROUTING (policy ACCEPT) target prot opt source destination iptables has failed # iptables -t tproxy -A PREROUTING -j TPROXY --on-port 80 iptables: No chain/target/match by that name I guess I missed something, please advise. Thanks, Alexc
Hello, I tried it as you did, but it works. By default extensions/.tproxy-test is not executable this may be a problem because without it tproxy match and target modules of iptables won't be compiled. I have no other idea. Vects írta:
Hello there, I have some problem with iptables 1.3.8, please point me out where's my error is. I took latest tproxy patches, applied them on kernel 2.6.22.6 and iptables 1.3.8 according to README, I used iptables-1.3.8.diff for iptables-1.3.8.diff but can't add any iptables rules with TPROXY for some reasons. Here's some details about my set up
module is loaded # dmesg | grep TPROX IP_TPROXY: Transparent proxy support initialized, version 4.0.0 IP_TPROXY: Copyright (c) 2002-2007 BalaBit IT Ltd.
module is loaded # lsmod | grep proxy iptable_tproxy 7620 0 ip_tables 20840 3 iptable_nat,iptable_tproxy,iptable_filter
list of rules # iptables -t tproxy -L -n Chain PREROUTING (policy ACCEPT) target prot opt source destination
iptables has failed # iptables -t tproxy -A PREROUTING -j TPROXY --on-port 80 iptables: No chain/target/match by that name
I guess I missed something, please advise.
Thanks, Alexc
-- Panther
On Wed, 2007-09-19 at 17:49 +0200, Laszlo Attila Toth wrote:
Hello,
I tried it as you did, but it works.
By default extensions/.tproxy-test is not executable this may be a problem because without it tproxy match and target modules of iptables I paid attention to that and use chmod on .tproxy-test as written in readme. I've got and error message about --on-port with 'iptables -t tproxy -A PREROUTING -j TPROXY'. Plus I found libipt_tproxy.so in /usr/local/lib/iptables after installation of iptables.
Thanks, Alexc.
won't be compiled. I have no other idea.
Vects írta:
Hello there, I have some problem with iptables 1.3.8, please point me out where's my error is. I took latest tproxy patches, applied them on kernel 2.6.22.6 and iptables 1.3.8 according to README, I used iptables-1.3.8.diff for iptables-1.3.8.diff but can't add any iptables rules with TPROXY for some reasons. Here's some details about my set up
module is loaded # dmesg | grep TPROX IP_TPROXY: Transparent proxy support initialized, version 4.0.0 IP_TPROXY: Copyright (c) 2002-2007 BalaBit IT Ltd.
module is loaded # lsmod | grep proxy iptable_tproxy 7620 0 ip_tables 20840 3 iptable_nat,iptable_tproxy,iptable_filter
list of rules # iptables -t tproxy -L -n Chain PREROUTING (policy ACCEPT) target prot opt source destination
iptables has failed # iptables -t tproxy -A PREROUTING -j TPROXY --on-port 80 iptables: No chain/target/match by that name
I guess I missed something, please advise.
Thanks, Alexc
Hello, When I removed the module xt_TPROXY from memory and its file in /lib/modules (xt_TPROXY.ko) I got the same error message: iptables -t tproxy -A PREROUTING -j TPROXY --on-port 80 ptables: No chain/target/match by that name It is not in the compiled kernel. Did you set both tproxy match and TPROXY target in Core netfilter group? If not: If you configured xtables (Core netfilter) first and then iptables (IP: Netfilter Configuration), only tproxy match is available in the xtables section. In the other configuration group you can set transparent proxying (tproxy table), and after that TPROXY target is available in xtables group in Core netfilter. Vects írta:
On Wed, 2007-09-19 at 17:49 +0200, Laszlo Attila Toth wrote:
Hello,
I tried it as you did, but it works.
By default extensions/.tproxy-test is not executable this may be a problem because without it tproxy match and target modules of iptables I paid attention to that and use chmod on .tproxy-test as written in readme. I've got and error message about --on-port with 'iptables -t tproxy -A PREROUTING -j TPROXY'. Plus I found libipt_tproxy.so in /usr/local/lib/iptables after installation of iptables.
Thanks, Alexc.
won't be compiled. I have no other idea.
Vects írta:
iptables has failed # iptables -t tproxy -A PREROUTING -j TPROXY --on-port 80 iptables: No chain/target/match by that name
I guess I missed something, please advise.
Thanks, Alexc
-- Panther
participants (2)
-
Laszlo Attila Toth
-
Vects