[tproxy] tproxy 4.0 & zorp 3.0.8
krauso at explorer.cz
Thu Aug 9 16:48:13 CEST 2007
Thanks for your quick reply. After compiling with the 2.6.17 kernel it works
better, but I still have problems :).
Zorp gets the connection, but the connection is immediately closed (reset by
peer) after sending anything. Zorp then times out after 10s.
My iptables rules:
# iptables -t tproxy -A PREROUTING -p tcp --dport 80 -j TPROXY --on-port 50080
# iptables -A INPUT -m tproxy -j ACCEPT
Laszlo Attila Toth wrote:
> The Linux kernels 2.6.17 and 2.6.22 differ in the netfilter code,
> and the tproxy patch differs a little bit too. The tproxy target is ipt_TPROXY in
> 2.6.17 and xt_TPROXY in 2.6.22, but both versions will be xt_TPROXY.
> On Thursday 09 August 2007 09.16.40 Ondrej Kraus wrote:
>> [ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_TPROXY.h ] && echo TPROXY
>> [ -f $KERNEL_DIR/net/ipv4/netfilter/ipt_tproxy.c ] && echo tproxy
>> Tested files are not included in kernel patch. I found ipt_TPROXY.h in
>> patch for Ubuntu kernel and ipt_TPROXY.c in the same patch, but not
> The current files:
> * tproxy table
> * tproxy target
> In ubuntu-2.6.17 (it will be the same as in 2.6.22)
> in 2.6.22
> * tproxy match
>> # iptables -A INPUT -m tproxy -j ACCEPT
>> produces 'Invalid argument'
> Strange. 2.6.17 works well. I will check it.
>> I think that it is obvious that I am new to Zorp/tproxy and these
>> problems might be very trivial to resolve, but I cannot find anything
>> useful to find a resolution.
> TProxy 4 is new and 2.6.22 is not fully tested: when the INPUT chain is empty in
> the filter table and its default policy is accept, it works.
Head of the Technical Services Department