[tproxy] Both session stealing and src spoofing.(Proxy-Firewall)

Yoshioka Tsuneo tsuneo.yoshioka@f-secure.com
Thu, 19 Jun 2003 23:04:47 +0900

Hello Bazsi

Thank you very much for your quick advice.

> If I understand correctly what you mean here, it is not currently possible
> as the tuple of the connection must be unique.
> The tuple includes source address, source port, destination address,
> destination port. The incoming connection and the connection on the
> server side have the same tuples. Do you really need to also fake the source
> port towards the server?
> In our experience, choosing a different port dynamically towards the server
> causes no problems.
At now, there is no need to keep source port address of client. 
So I tried to set "itp.itp_fport=0".
And it works without problem !
Thank you.

  I hope that tproxy kernel patch will be joined to Linux2.5(and 2.6) kernel.
  I would be happy if you and Linus have such a plan. :-)

Yoshioka Tsuneo
E-MAIL: Tsuneo.Yoshioka@f-secure.com