[tproxy] UDP transparent proxying
KOVACS Krisztian
hidden@balabit.hu
Wed, 29 Oct 2003 14:38:52 +0100
Hi,
Jean-pierre Cartal wrote:
> To give you more information, my test box has 2 ethernet interfaces and
> I want to use eth1 for transparent proxying. The IP address on this
> interface is 192.168.3.1, the eth0 interface address is 172.20.3.15
> I first create a socket to listen on incoming requests normally targeted
> to 192.168.2.1, which are sent to my TP host using a linux router. This
> part is working fine and I'm able to receive all packets.
> The IP address for the outgoing packets is set to the source address of
> the incoming packet I just received on the listening socket.
> I create a local socket, bind it to a random local port, use the
> IP_TPROXY_ASSIGN socket option to assign the IP address and source port,
> the latter being different from the one in the original packet as I want
> all responses from the originally targeted server to arrive on a single
> port.
> I then call the IP_TPROXY_FLAGS socket option using the ITP_CONNECT flag.
> Finally, I connect this socket with the original remote machine (same
> IP and same port as in the incoming packet).
Oh, one possible problem: you _have_to_ connect() the socket to the
original remote end _before_ setting the tproxy flags.
--
Regards,
Krisztian KOVACS