[tproxy] failure to apply snat mapping?
Lennert Buytenhek
buytenh@wantstofly.org
Fri, 23 Apr 2004 11:56:04 +0200
Hi,
Hacked manual dnat support into the app and scheduled a time slot to restart
it, so this question is not all that important to me anymore right now, but
I'm still interested.
cheers,
Lennert
On Wed, Apr 21, 2004 at 07:35:37PM +0200, Lennert Buytenhek wrote:
> Hi,
>
> Let's say that I have an app that connects to IP address 1.2.3.4, and uses
> tproxy to fake the source address as 5.6.7.8. Bind the socket, then call
> into tproxy, and then connect() and ta da -- everything works as expected.
>
> Now I decide that that app should not connect to 1.2.3.4, but instead to
> 1.2.3.5. I don't want to modify the source and restart it, so I add a nat
> rule in the iptables nat/OUTPUT chain to DNAT the address to 1.2.3.5.
>
> The app now (unknowingly) connects to 1.2.3.5, that works fine. But.. the
> source address used for the connection is now the source address of the box
> and not anymore 5.6.7.8? :((
>
> Is this a case of "Don't do that, then!!"?
>
> I'm using "tproxy-2.4.22-1.1.3.diff" patched into a Red Hat 2.4.20 kernel
> (2.4.20-20.9 to be exact) on a uniproc P4 2.4GHz, 1G RAM.
>
>
> cheers,
> Lennert
> _______________________________________________
> tproxy mailing list
> tproxy@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/tproxy