[tproxy] UDP transparent proxying

KOVACS Krisztian hidden@balabit.hu
Mon, 27 Oct 2003 11:39:35 +0100


Jean-pierre Cartal wrote:
> I'm trying to write a transparent UDP proxy using TProxy, what I would 
> like to do is to intercept traffic going to a given machine, and only
> one, and then resend it with the original source IP address, but with a 
> different port number.
> I'm able to bind to a local socket, and receive traffic originally 
> destined for the given machine using the ITP_LISTEN flag. My first 
> question is should I also use the ITP_UNIDIR option on this socket?

   Yes, you should, but currently it really does not matter. (For UDP, at 

> My problem is when I try to forward the received packet to the 
> originally targeted machine, source and destination addresses are not 
> the ones given through the IP_TPROXY_ASSIGN socket option and the connect 
> system call.  I took the code from the foreign-udp-connect.c sample 
> given with the patch, but it does not behave correctly within my code 
> whereas it is working fine when tested by itself.
> Do you have any clue on what I'm doing wrong here?

   Could you perhaps provide some sample code? What is the source address 
of the outgoing traffic? (It would be important to know if no NAT mapping 
happens at all, or it's some other problem.)

     Krisztian KOVACS