[tproxy] Patching iptables

Nguyen Nguyen n3nguyen at gmail.com
Thu Apr 6 19:46:47 CEST 2006

Thanks for the response.

Here's my problem:
I'm running foreign-tcp-connect on a machine (say to fake a source
address (say port 9999) when connecting to a web server.  I get a
connect timeout.

At the webserver, when I do a tcpdump, it seems that only the port is being
faked, not the IP address.  That is, the tcpdump output shows that I'm
trying to connect from port 9999.

If I use as the fake IP address, it works.  Has anyone experienced
this problem?  What am I missing?

My setup:
Linux kernel (pristine) patched with tproxy-2.6.15-2.0.4

Many thanks,

On 4/6/06, Jan Engelhardt <jengelh at linux01.gwdg.de> wrote:
> >Q:  Is patching the iptables userspace necessary if I just want to fool
> >around with the example programs, say foreign-tcp-connect?
> >
> No, only if you want to modify the kernel ip tables.
> (Which is not required if you only want to fake addresses.)
> Jan Engelhardt
> --
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/tproxy/attachments/20060406/e81796c7/attachment.html

More information about the tproxy mailing list