[tproxy] TProxy version 4.0.0 released
Cameron Schaus
cam at schaus.ca
Thu Aug 2 19:55:57 CEST 2007
On Thu, Aug 02, 2007 at 01:25:39PM +0200, Laszlo Attila Toth wrote:
> For binding to foreign address you should echo 1
> into /proc/sys/net/ipv4/ip_nonlocal_bind file, this may help.
>
> By the way if you set the IP_FREEBIND you don't need to use tproxy_any=1
> module parameter. In the tproxy table it is tested whether either IP_FREEBIND
> or tproxy_any is set or not.
I have tried each of the above methods, but there are still problems.
I have tracked the problem down to my use of a bridge.
The foreign connect worked correctly on my test machines when I
configured a single interface, eth1, with a local IP address, bound to
the foreign address and issued the connect.
When I configured a bridge, and repeated the test, I see the same
behaviour I did yesterday. The machine trying to connect ends up
arping the foreign IP address.
Here is what I'm doing:
# modprobe xt_tproxy
# modprobe iptable_tproxy
# sysctl -w net.ipv4.ip_nonlocal_bind=1
# modprobe bridge
# brctl addbr br0
# brctl addif br0 eth0
# brctl addif br0 eth1
# ifconfig br0 LOCAL_IP netmask LOCAL_MASK
# add static arp for foreign address on web server
# ./foreign-connect
(this issues a bind to the foreign IP prior to connecting)
Where can I look to correct this issue? Is iptables prerouting too
late when dealing with packets arriving on a bridge interface?
Thanks,
Cam
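
The bind-before-connect step discussed in this message, as an added example that is not part of the original post and is not the poster's foreign-connect program. The function name bind_source and the address 192.0.2.10 (TEST-NET-1) are assumptions made for illustration. Without IP_FREEBIND, the bind fails with EADDRNOTAVAIL unless net.ipv4.ip_nonlocal_bind is set to 1.

```c
/* Added example: bind a TCP socket to a non-local source address. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef IP_FREEBIND
#define IP_FREEBIND 15 /* Linux value, used if the libc header lacks it */
#endif

/* Hypothetical helper: returns a bound socket fd (>= 0) or -errno.
 * The caller would issue connect() on the returned fd. */
int bind_source(const char *src_ip, int use_freebind)
{
    struct sockaddr_in src;
    int one = 1, fd, err;

    memset(&src, 0, sizeof(src));
    src.sin_family = AF_INET;
    src.sin_port = 0; /* let the kernel pick the source port */
    if (inet_pton(AF_INET, src_ip, &src.sin_addr) != 1)
        return -EINVAL;
    if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
        return -errno;
    /* IP_FREEBIND permits bind() to an address not configured locally. */
    if (use_freebind &&
        setsockopt(fd, IPPROTO_IP, IP_FREEBIND, &one, sizeof(one)) < 0)
        goto fail;
    if (bind(fd, (struct sockaddr *)&src, sizeof(src)) < 0)
        goto fail;
    return fd;
fail:
    err = errno;
    close(fd);
    return -err;
}

int main(void)
{
    const char *foreign = "192.0.2.10"; /* constructed sample address */
    for (int fb = 0; fb <= 1; fb++) {
        int r = bind_source(foreign, fb);
        printf("IP_FREEBIND=%d: %s\n", fb, r >= 0 ? "bound" : strerror(-r));
        if (r >= 0)
            close(r);
    }
    return 0;
}
```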