[tproxy] UDP transparent proxying

KOVACS Krisztian hidden@balabit.hu
Wed, 29 Oct 2003 14:38:52 +0100


Jean-pierre Cartal wrote:
> To give you more informations, my test box has 2 ethernet interfaces and 
> I want to use eth1 for transparents proxying. The IP address on this 
> interface is, the eth0 interface address is
> I first create a socket to listen on incoming requests normally targeted 
> to, which are sent to my TP host using a linux router. This 
> part is working fine and I'm able to receive all packets.
> The IP address for the outgoing packets is set to the source address of 
> the incoming packet I just received on the listening socket.
> I create a local socket, bind it to a random local port,  use the 
> IP_TPROXY_ASSIGN socket option to assign the IP address and source port, 
> the latter being different from the one in the original packet as I want 
> all responses from the originally targeted server to arrive on a single 
> port.
> I then call the IP_TPROXY_FLAGS socket option using the ITP_CONNECT flag.
> Finally,  I connect this socket with the original remote machine (same 
> IP and same port as in the incoming packet).

   Oh, one possible problem: you _have_to_ connect() the socket to the 
original remote end _before_ setting the tproxy flags.

     Krisztian KOVACS