[tproxy] TPROXY + Cisco Firewall
Laszlo Attila Toth
panther at balabit.hu
Mon Aug 13 10:13:15 CEST 2007
On Sunday 12 August 2007 00.28.07 Jojy Varghese wrote:
> Hi all
> 3.
> I have verified my changes by creating a REDIRECTION rule in the tproxy
> chain (can list my iptable changes by doing "iptables -t tproxy -L")
Hello,
For instance a client try to connect to a webserver somewhere on the Internet
listening on port 80, and your proxy is listening on port 50080. The iptables
rule that redirects packets to that port is the following:
iptables -t tproxy -p tcp --dport 80 -j TPROXY --on-port 50080
The next one is to allow incomming traffic on that port. Because the TPROXY
target marks the packet, the following rule accepts these packets:
iptables -t filter -A INPUT -m tproxy -j ACCEPT
A tutorial is available here:
http://www.balabit.hu/network-security/zorp-gateway/gpl/tutorial/
--
Regards,
Laszlo Attila Toth
More information about the tproxy
mailing list