[tproxy] failure to apply snat mapping?

Lennert Buytenhek buytenh@wantstofly.org
Fri, 23 Apr 2004 11:56:04 +0200


Hacked manual dnat support into the app and scheduled a time slot to restart
it, so this question is not all that important to me anymore right now, but
I'm still interested.


On Wed, Apr 21, 2004 at 07:35:37PM +0200, Lennert Buytenhek wrote:

> Hi,
>
> Let's say that I have an app that connects to IP address, and uses
> tproxy to fake the source address as  Bind the socket, then call
> into tproxy, and then connect() and ta da -- everything works as expected.
>
> Now I decide that that app should not connect to, but instead to
>  I don't want to modify the source and restart it, so I add a nat
> rule in the iptables nat/OUTPUT chain to DNAT the address to
> The app now (unknowingly) connects to, that works fine.  But.. the
> source address used for the connection is now the source address of the box
> and not anymore :((
>
> Is this a case of "Don't do that, then!!"?
>
> I'm using "tproxy-2.4.22-1.1.3.diff" patched into a Red Hat 2.4.20 kernel
> (2.4.20-20.9 to be exact) on a uniproc P4 2.4GHz, 1G RAM.
>
> cheers,
> Lennert