[tproxy] tproxy 4.0 & zorp 3.0.8

Laszlo Attila Toth panther at balabit.hu
Fri Aug 10 11:19:12 CEST 2007


On Thursday 09 August 2007 16.48.13 Ondrej Kraus wrote:
> thanks for your quick reply. After compiling with 2.6.17 kernel it works
> better, but still have problems :).
>
> Zorp gets the connection, but connection is immediately closed (reset by
> peer) after sending anything. Zorp then times out after 10s.

Hello,

By default, if you use the TPROXY target to redirect packets to another port,
the program that is listening on the other port should use the IP_FREEBIND
socket option, because without it the packets don't reach the program. If a
program doesn't use this option because it is older, such as Zorp 3.0.8, or
compiled by someone else, such as netcat, IP_FREEBIND cannot be used, and a
module parameter is the solution: set tproxy_any to 1.

Also try to load iptable_tproxy with tproxy_any=1. It should work.

-- 
Regards,
	Laszlo Attila Toth

