[tproxy] doing SNAT after tproxy doing IP spoofing

Kannan Sampath kannankvs at gmail.com
Tue Aug 21 10:39:42 CEST 2007


Hi,
I am looking for a solution, where I want to use TPROXY to do the IP
spoofing, followed by SNAT.
When I tried to add a rule in POSTROUTE nat iptable for my SNAT, it is never
hit.

In my case, the user machine's IP addr is 10.0.0.1, and
the IP address of the Squid machine on user side is 10.0.0.99.
User's HTTP packet arrives at the Squid machine. I have already applied the
tproxy patch. The IP address of Squid machine's physical interface on internet
side is 90.0.0.99. When the Squid establishes connection
with internet server, let's say google.com (IP address
is 150.0.0.1, for example), then the packet has to go with
SourceIP address as 70.0.0.1.
I have a static SNAT for the user IP address as follows in POSTROUTE nat
iptable as "10.0.0.1 <---> 70.0.0.1".

i.e., after doing the IP spoofing, we need to apply static NAT.


With TPROXY, it is not working as I expected. Instead, it is sending the
packet with source IP addr as 10.0.0.1.

How do we resolve this issue?

Thanks in advance, and sorry for the big email.

Regards,
Kannan.