[tproxy] tproxy Digest, Vol 26, Issue 11
Jojy Varghese
jojygv at yahoo.com
Mon Aug 13 19:23:20 CEST 2007
Hi
Thanks for your response. I am able to get the traffic redirected to my proxy server port. But the whole behavior is as if the tproxy kernel patch is not applied. In other words, on the web server I see that the request is coming from my proxy server and not from the client. The client IP is not getting rewritten.
Any help is much apprciated.
thanks again,
Jojy
----- Original Message ----
From: "tproxy-request at lists.balabit.hu" <tproxy-request at lists.balabit.hu>
To: tproxy at lists.balabit.hu
Sent: Monday, August 13, 2007 3:00:05 AM
Subject: tproxy Digest, Vol 26, Issue 11
Send tproxy mailing list submissions to
tproxy at lists.balabit.hu
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.balabit.hu/mailman/listinfo/tproxy
or, via email, send a message with subject or body 'help' to
tproxy-request at lists.balabit.hu
You can reach the person managing the list at
tproxy-owner at lists.balabit.hu
When replying, please edit your Subject line so it is more specific
than "Re: Contents of tproxy digest..."
Today's Topics:
1. Re: TPROXY + Cisco Firewall (Laszlo Attila Toth)
----------------------------------------------------------------------
Message: 1
Date: Mon, 13 Aug 2007 10:13:15 +0200
From: Laszlo Attila Toth <panther at balabit.hu>
Subject: Re: [tproxy] TPROXY + Cisco Firewall
To: tproxy at lists.balabit.hu
Message-ID: <200708131013.16001.panther at balabit.hu>
Content-Type: text/plain; charset="utf-8"
On Sunday 12 August 2007 00.28.07 Jojy Varghese wrote:
> Hi all
> 3.
> I have verified my changes by creating a REDIRECTION rule in the tproxy
> chain (can list my iptable changes by doing "iptables -t tproxy -L")
Hello,
For instance a client try to connect to a webserver somewhere on the Internet
listening on port 80, and your proxy is listening on port 50080. The iptables
rule that redirects packets to that port is the following:
iptables -t tproxy -p tcp --dport 80 -j TPROXY --on-port 50080
The next one is to allow incomming traffic on that port. Because the TPROXY
target marks the packet, the following rule accepts these packets:
iptables -t filter -A INPUT -m tproxy -j ACCEPT
A tutorial is available here:
http://www.balabit.hu/network-security/zorp-gateway/gpl/tutorial/
--
Regards,
Laszlo Attila Toth
------------------------------
_______________________________________________
tproxy mailing list
tproxy at lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/tproxy
End of tproxy Digest, Vol 26, Issue 11
**************************************
____________________________________________________________________________________
Choose the right car based on your needs. Check out Yahoo! Autos new Car Finder tool.
http://autos.yahoo.com/carfinder/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/tproxy/attachments/20070813/333e9d3f/attachment.htm
More information about the tproxy
mailing list