Hi, I'd like to ask You a question.
I'm now using tproxy application with my own nat inside, but I'd like to know if I can add tproxy after normal nat from iptables? If so, can You please give me any example how to set the iptables?
-A POSTROUTING with -j TPROXY is not accepted by iptables.
Thank You very much.
Regards,
Jakub Bednar
On Thu, 2006-08-03 at 12:20 +0200, Jakub Bednář wrote:
Hi, I'd like to ask You a question.
I'm now using tproxy application with my own nat inside, but I'd like to know if I can add tproxy after normal nat from iptables? If so, can You please give me any example how to set the iptables?
-A POSTROUTING with -j TPROXY is not accepted by iptables.
The TPROXY target is only useful to redirect crossing traffic to local proxies, in essence it is quite similar to the REDIRECT target of the NAT table.
The source address of outgoing connections can be modified either by using the tproxy module services directly, or using the nat table as you would with forwarded connections.
Please note however that changing the addresses twice is not currently possible, as tproxy itself implements its features by using NAT functionality.
-- Bazsi
Hi, I'd like to describe my problem a little bit closer.
We are running a low bandwidth wireless net. We have a central station which is communicating via this morse net with a lot of devices (later as DEV1). Every DEV1 has a unique address, such as 10.4.0.48. But to every DEV1 is connected one other device (later DEV2). All DEV2 have the same IP 192.168.1.2. On DEV1 we are doing SNAT to 10.4.0.48, this is then translated to morse address and sent to central station. The central station is then communicating back using the received src morse address (star configuration of the net).
I need my TPROXY to catch the traffic going from DEV2 through DEV1, but not when the src address is 192.168.1.2 but after the SNAT to 10.4.0.48. This address is then added to data and sent to central station. There is then initiated the client-part of TPROXY using this address.
I've written a simple support for SNAT to my tproxy and it works fine, but we would rather do the SNAT in iptables than in the TPROXY because we are already running the SNAT in iptables and the rules are well tested.
Is there any possibility how to do this? And if not, do You think it will be too complicated for me to write tproxy-kernel-patch which will allow me to do this?
Thanks a lot,
Jakub Bednar
______________________________________________________________
From: bazsi@balabit.hu
To: Zorp users mailing list <zorp@lists.balabit.hu>
Date: 04.08.2006 10:48
Subject: Re: [zorp] TPROXY with iptables nat??
On Thu, 2006-08-03 at 12:20 +0200, Jakub Bednář wrote:
Hi, I'd like to ask You a question.
I'm now using tproxy application with my own nat inside, but I'd like to know if I can add tproxy after normal nat from iptables? If so, can You please give me any example how to set the iptables?
-A POSTROUTING with -j TPROXY is not accepted by iptables.
The TPROXY target is only useful to redirect crossing traffic to local proxies, in essence it is quite similar to the REDIRECT target of the NAT table.
The source address of outgoing connections can be modified either by using the tproxy module services directly, or using the nat table as you would with forwarded connections.
Please note however that changing the addresses twice is not currently possible, as tproxy itself implements its features by using NAT functionality.
-- Bazsi
participants (2): Balazs Scheidler, Jakub Bednář