[tproxy] TPROXY USAGE

Dileep Kumar dileepk@sbcglobal.net
Wed, 30 Apr 2003 23:21:29 -0700


Hello Bazis,

A few questions for you:

The IP table entry (iptables -t tproxy -A PREROUTING -d server_addr -j
TPROXY --on-port ) is sending all connections to the proxy.
Is it true that I don't need to set any IP table entry if I am interested
only in connections on a specific port? In our experiment with TPROXY, one
thing that we discovered was that if we are interested only in connections
on a specific port, we don't need to set any IP table entry at all. By using
setsockopt IP_TPROXY_ASSIGN and IP_TPROXY_FLAGS we could intercept the
packet and listen on a foreign address and source a foreign address. For
PASV FTP, I can bind the port for listen that was sent to the client. I am
not sure when I will need to add an IP table entry.

Second question: when I want to create a connection with a foreign address
as the source address, I need to bind to the local address with a local port.
Does doing so create a port management problem? I noticed in your Zorp code,
in the tpsocket file, that the autobind function sends a zero port. I am
assuming that in this case the kernel picks the port. Is this valid usage?
Or do I need to manage the ports?

Third, I did not see any proxy using the API defined in tpsocket. Do you
have any example of a full proxy that is using TPROXY?

Thanks,
Dileep