[tproxy] tproxy 4.0 & zorp 3.0.8

Ondrej Kraus krauso at explorer.cz
Thu Aug 9 09:16:40 CEST 2007


Hello,

I have problems with Zorp 3.0.8 (Debian Etch) with tproxy 4.0.0. I
compiled kernel 2.6.22.1 without problems. But then I found that the
patch is incomplete. There is a file .tproxy-test in the iptables patch:

#!/bin/sh
[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_TPROXY.h ] && echo TPROXY
[ -f $KERNEL_DIR/net/ipv4/netfilter/ipt_tproxy.c ] && echo tproxy

The tested files are not included in the kernel patch. I found ipt_TPROXY.h
in the patch for the Ubuntu kernel and ipt_TPROXY.c in the same patch, but not
ipt_tproxy.c.

After successful compilation (I have changed ipt_tproxy.c in
.tproxy-test to ipt_TPROXY.c) I tried to follow the README instructions, but
the system behaves very strangely.

# iptables -t tproxy -A PREROUTING -p tcp --dport 80 -j TPROXY --on-port 50080
works well, counters increase as traffic flows through the firewall, but Zorp
sees nothing and when I stop Zorp, nothing changes, so I think that
everything is just routed.

# iptables -A INPUT -m tproxy -j ACCEPT
produces 'Invalid argument'

and if I add:
# iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-dest IP:50080
Zorp gets the connection, but it hangs and no connection comes out from
the firewall.

I think that it is obvious that I am new to Zorp/tproxy and these
problems might be very trivial to resolve, but I cannot find anything
useful to find a resolution.

Thank you for any help.

Ondrej Kraus

