[tproxy] tproxy Digest, Vol 26, Issue 11

Jojy Varghese jojygv at yahoo.com
Mon Aug 13 19:23:20 CEST 2007


Hi 
  Thanks for your response. I am able to get the traffic redirected to my proxy server port. But the whole behavior is as if the tproxy kernel patch is not applied. In other words, on the web server I see that the request is coming from my proxy server and not from the client. The client IP is not getting rewritten.

Any help is much apprciated.

thanks again,
Jojy

----- Original Message ----
From: "tproxy-request at lists.balabit.hu" <tproxy-request at lists.balabit.hu>
To: tproxy at lists.balabit.hu
Sent: Monday, August 13, 2007 3:00:05 AM
Subject: tproxy Digest, Vol 26, Issue 11

Send tproxy mailing list submissions to
    tproxy at lists.balabit.hu

To subscribe or unsubscribe via the World Wide Web, visit
    https://lists.balabit.hu/mailman/listinfo/tproxy
or, via email, send a message with subject or body 'help' to
    tproxy-request at lists.balabit.hu

You can reach the person managing the list at
    tproxy-owner at lists.balabit.hu

When replying, please edit your Subject line so it is more specific
than "Re: Contents of tproxy digest..."


Today's Topics:

   1. Re: TPROXY + Cisco Firewall (Laszlo Attila Toth)


----------------------------------------------------------------------

Message: 1
Date: Mon, 13 Aug 2007 10:13:15 +0200
From: Laszlo Attila Toth <panther at balabit.hu>
Subject: Re: [tproxy] TPROXY + Cisco Firewall
To: tproxy at lists.balabit.hu
Message-ID: <200708131013.16001.panther at balabit.hu>
Content-Type: text/plain;  charset="utf-8"

On Sunday 12 August 2007 00.28.07 Jojy Varghese wrote:
> Hi all
> 3.
> I have verified my changes by creating a REDIRECTION rule in the tproxy
> chain (can list my iptable changes by doing "iptables -t tproxy -L")

Hello,

For instance a client try to connect to a webserver somewhere on the Internet 
listening on port 80, and your proxy is listening on port 50080. The iptables 
rule that redirects packets to that port is the following:

    iptables -t tproxy -p tcp --dport 80 -j TPROXY --on-port 50080

The next one is to allow incomming traffic on that port. Because the TPROXY 
target marks the packet, the following rule accepts these packets:

    iptables -t filter -A INPUT -m tproxy -j ACCEPT

A tutorial is available here:
    http://www.balabit.hu/network-security/zorp-gateway/gpl/tutorial/


-- 
Regards,
    Laszlo Attila Toth


------------------------------

_______________________________________________
tproxy mailing list
tproxy at lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/tproxy


End of tproxy Digest, Vol 26, Issue 11
**************************************







       
____________________________________________________________________________________
Choose the right car based on your needs.  Check out Yahoo! Autos new Car Finder tool.
http://autos.yahoo.com/carfinder/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/tproxy/attachments/20070813/333e9d3f/attachment.htm 


More information about the tproxy mailing list