[tproxy] Fail to REDIRECT (of nat table)
wckwon
wckwon at torinet.co.kr
Fri Oct 7 03:05:56 CEST 2005
Hi people,
My network daemon program can't receive any packets from iptables' REDIRECT
after patching with cttproxy-2.6.12-2.0.2.tar.gz.
Of course, I checked that REDIRECT worked before patching on the
same kernel.
(So, I tried it on the Fedora kernel (2.6.12-1.1376_FC3). It was worse. The
system was halting without any message.)
<<My system configuration>>
Linux-kernel version : 2.6.12 original (no warning, no error when patching)
Gcc version : gcc (GCC) 3.4.4 20050721 (Red Hat 3.4.4-2)
Modules :
Module                  Size  Used by
ipt_REDIRECT            2688  1
ipt_physdev             2832  1
iptable_filter          3584  0
iptable_tproxy         19780  0
iptable_nat            27976  3 ipt_REDIRECT,iptable_tproxy
ip_conntrack           44040  2 iptable_tproxy,iptable_nat
ipt_TPROXY              2688  0
ip_tables              24448  6 ipt_REDIRECT,ipt_physdev,iptable_filter,iptable_tproxy,iptable_nat,ipt_TPROXY
video                  16388  0
Device Network state : Bridge
bridge name     bridge id               STP enabled     interfaces
br0             8000.00d06809c827       no              eth3
                                                        eth1
IP table Rule : (iptables -m physdev -t nat -A PREROUTING --physdev-in eth1 -d A.B.C.D -p tcp --dport 80 -j REDIRECT --to-port 2101)
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
REDIRECT   tcp  --  anywhere             A.B.C.D             PHYSDEV match --physdev-in eth1 tcp dpt:http redir ports 2101
CPU info: 2 x Intel(R) Xeon(TM) CPU 3.00GHz (Hyper-Threading : On)
netstat info: (telnet A.B.C.D 80)
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.0.107:2101      192.168.0.101:1147      SYN_RECV
Thanks in advance.