[tproxy] tproxy 4.0 & zorp 3.0.8

Ondrej Kraus krauso at explorer.cz
Thu Aug 9 16:48:13 CEST 2007 

Hello,

thanks for your quick reply. After compiling with 2.6.17 kernel it works
better, but still have problems :).

Zorp gets the connection, but connection is immediately closed (reset by
peer) after sending anything. Zorp then timeoutes after 10s.

My iptables rules:

# iptables -t tproxy -A PREROUTING -p tcp --dport 80 -j TPROXY --on-port 50080
# iptables -A INPUT -m tproxy -j ACCEPT


Ondrej

Laszlo Attila Toth napsal(a):
> Hello,
>
> The Linux kernel 2.6.17 and 2.6.22 differs in the netfilter code,
> also tproxy patch differs a little bit too. The tproxy target is ipt_TPROXY in 
> 2.6.17 and xt_TPROXY in 2.6.22, but both version will be xt_TPROXY.
>
>
> On Thursday 09 August 2007 09.16.40 Ondrej Kraus wrote:
>   
>> #!/bin/sh
>> [ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_TPROXY.h ] && echo TPROXY
>> [ -f $KERNEL_DIR/net/ipv4/netfilter/ipt_tproxy.c ] && echo tproxy
>>
>> Tested files are not included in kernel patch. I found ipt_TPROXY.h in
>> patch for Ubuntu kernel and ipt_TPROXY.c in the same patch, but not
>> ipt_tproxy.c.
>>     
>
> The current files:
> * tproxy table
>      net/ipv4/netfilter/iptable_tproxy.c     
> * tproxy target
>    In ubuntu-2.6.17 (it will be the same as in 2.6.22)
>      net/ipv4/netfilter/ipt_TPROXY.c
>      include/linux/netfilter_ipv4/ipt_TPROXY.h
>   in 2.6.22
>      net/netfilter/xt_TPROXY.c
>      include/linux/netfilter/xt_TPROXY.h
> * tproxy match
>      net/netfilter/xt_tproxy.c
>
>   
>> # iptables -A INPUT -m tproxy -j ACCEPT
>> produces 'Invalid argument'
>>     
>
> Strange. 2.6.17 works well. I will check it.
>
>   
>> I think that it is obvious that I am new in Zorp/tproxy and these
>> problems might be very trivial to resolve, but I cannot find anything
>> useful to find resolusion.
>>     
>
> TProxy 4 is new and the 2.6.22 is not fully tested: when INPUT chain empty in 
> the filter table  and its default policy is accept it works.
>
>   

-- 

Ondrej Kraus
vedouci oddeleni technickych sluzeb
Explorer a.s.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: krauso.vcf
Type: text/x-vcard
Size: 409 bytes
Desc: not available
Url : http://lists.balabit.hu/pipermail/tproxy/attachments/20070809/4f818e81/attachment.vcf

More information about the tproxy mailing list