[tproxy] tproxy setup resulting in martian logging
Igmar Palsenberg
maillist@jdimedia.nl
Mon, 2 Aug 2004 22:45:09 +0200 (CEST)
Hi,
I've got a 2.4.26 kernel with grsec + openswan + tproxy support. I want to
redirect specific destinations to a proxy on the local machine. An example:
redirect all traffic to port 12345 to the proxy on 127.0.0.1:12345. The
iptables rule:
    iptables -t tproxy -A PREROUTING -p tcp -d 0.0.0.0/0 --dport 12345 -j TPROXY --on-port 12345 --on-ip 127.0.0.1
Doing a telnet to some IP on port 12345 results in:
    Aug 2 21:43:28 fw kernel: martian destination 127.0.0.1 from 10.1.1.52, dev eth1
where 10.1.1.52 is the machine initiating the telnet, 10.1.1.1 is the
machine where the packet enters the IP stack on eth1.
The relevant function in this case seems to be ip_route_input_slow() in
net/ipv4/route.c. The behaviour is logical, but prevents tproxy support
from working in this case.
Any suggestions?
Regards,
Igmar
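
Added example, not part of the original message and not kernel source: a simplified user-space model of the destination address-class test behind the "martian destination" log line, run over the log line quoted above. All function and enum names are hypothetical, and the model assumes only the address classes (loopback, zero network, reserved) matter.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* User-space model with hypothetical names; not kernel source. */
enum verdict { DST_OK, MARTIAN_LOOPBACK, MARTIAN_ZERONET, MARTIAN_RESERVED };

/* Dotted quad -> host-order 32-bit value; returns 0 on success. */
static int parse_ipv4(const char *s, uint32_t *out)
{
    unsigned a, b, c, d;
    char tail;
    if (sscanf(s, "%u.%u.%u.%u%c", &a, &b, &c, &d, &tail) != 4) return -1;
    if (a > 255 || b > 255 || c > 255 || d > 255) return -1;
    *out = ((uint32_t)a << 24) | (b << 16) | (c << 8) | d;
    return 0;
}

/* Address-class test applied to the destination of a packet received from the network. */
static enum verdict classify_dst(uint32_t daddr)
{
    if (daddr == 0xFFFFFFFFu) return DST_OK;                           /* limited broadcast */
    if ((daddr & 0xFF000000u) == 0x7F000000u) return MARTIAN_LOOPBACK; /* 127.0.0.0/8 */
    if ((daddr & 0xFF000000u) == 0) return MARTIAN_ZERONET;            /* 0.0.0.0/8 */
    if ((daddr & 0xF0000000u) == 0xF0000000u) return MARTIAN_RESERVED; /* 240.0.0.0/4 */
    return DST_OK;
}

/* Pull destination, source and device out of a "martian destination" log line. */
static int parse_martian_log(const char *line, char dst[16], char src[16], char dev[16])
{
    const char *p = strstr(line, "martian destination ");
    if (!p) return -1;
    return sscanf(p, "martian destination %15s from %15[0-9.], dev %15s",
                  dst, src, dev) == 3 ? 0 : -1;
}

int main(void)
{
    /* Log line from the post, joined onto one line. */
    const char *line = "Aug 2 21:43:28 fw kernel: martian destination 127.0.0.1 "
                       "from 10.1.1.52, dev eth1";
    char dst[16], src[16], dev[16];
    uint32_t d;
    if (parse_martian_log(line, dst, src, dev) || parse_ipv4(dst, &d)) return 1;
    printf("dst=%s src=%s dev=%s verdict=%d\n", dst, src, dev, classify_dst(d));
    return 0;
}
```

In this model the --on-ip value 127.0.0.1 is classed as a loopback martian when it appears as the destination of a packet received on eth1, while the firewall's own eth1 address 10.1.1.1 is not.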