[tproxy] Patching iptables

Nguyen Nguyen n3nguyen at gmail.com
Thu Apr 6 22:52:54 CEST 2006


Hi there,

It turns out that the port isn't being faked either.

I'm only able to connect if I set the foreign IP address equal to the local
IP address and the foreign port equal to the local port.

A tcpdump at the client shows that the IP headers aren't being modified.
It's as if tproxy is creating entries in the hash table (TPROXY_ASSIGN and
the subsequent call to setsockopt() is successful), but isn't overwriting
the appropriate fields in the IP headers.

Any thoughts?

N




On 4/6/06, Nguyen Nguyen <n3nguyen at gmail.com> wrote:
>
>  Thanks for the response.
>
> Here's my problem:
> I'm running foreign-tcp-connect on a machine (say 1.2.3.4) to fake a
> source address (say  5.6.7.8 port 9999) when connecting to a web server.
> I get a connect timeout.
>
> At the webserver, when I do a tcpdump, it seems that only the port is
> being faked, not the IP address.  That is, the tcpdump output shows that I'm
> trying to connect from 1.2.3.4 port 9999.
>
> If I use 5.6.7.8 as the fake IP address, it works.  Has anyone experienced
> this problem?  What am I missing?
>
> My setup:
> Linux kernel 2.6.15.3 (pristine) patched with tproxy-2.6.15-2.0.4
>
> Many thanks,
>  N
>
>
>
> On 4/6/06, Jan Engelhardt <jengelh at linux01.gwdg.de> wrote:
> >
> >
> > >Q:  Is patching the iptables userspace necessary if I just want to fool
> > >around with the example programs, say foreign-tcp-connect?
> > >
> > No, only if you want to modify the kernel ip tables.
> > (Which is not required if you only want to fake addresses.)
> >
> >
> > Jan Engelhardt
> > --
> >
>
>