[tproxy] tproxy LISTEN proxy does not work.
Yoshioka Tsuneo
tsuneo.yoshioka at f-secure.com
Fri Jan 12 06:10:25 CET 2007
Hello
When I tried a listening proxy using tproxy as follows, it does not
work as intended.
Structure: Client <===> Proxy <===> Server
1. On Proxy, listen on the port 9999.
2. On Proxy, assign Server:2000 using TPROXY_ASSIGN, and set
ITP_LISTEN flag.
3. Client connect to Server:2000.
4. Proxy steal connection using tproxy.(using ITP_LISTEN)
5. Proxy connect to Server:2000.
At "4.", the Proxy should connect to server:2000. But actually, the proxy
connects to Proxy:9999.
The packet capture result is as follows.
The (*) line is "5.". It should be like "10.65.3.100.47886 > 10.65.3.110.2000".
=========================================================
13:12:30.957695 10.65.1.208.5495 > 10.65.3.110.2000: S 2155077236:2155077236(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
13:12:30.957821 10.65.1.208.5495 > 10.65.3.100.9999: S 2155077236:2155077236(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
13:12:30.957837 10.65.3.110.2000 > 10.65.1.208.5495: S 754591780:754591780(0) ack 2155077237 win 5840 <mss 1460,nop,nop,sackOK> (DF) [ttl 1]
13:12:30.957860 10.65.3.110.2000 > 10.65.1.208.5495: S 754591780:754591780(0) ack 2155077237 win 5840 <mss 1460,nop,nop,sackOK> (DF) [ttl 1]
13:12:30.957874 10.65.1.208.5495 > 10.65.3.110.2000: . ack 1 win 65535 (DF)
13:12:30.957884 10.65.1.208.5495 > 10.65.3.100.9999: . ack 754591781 win 65535 (DF)
(*)13:12:30.958069 10.65.3.100.47886 > 10.65.3.100.9999: S 765420716:765420716(0) win 5840 <mss 1460,sackOK,timestamp 1284404 0,nop,wscale 2> (DF)
13:12:30.958096 10.65.3.110.2000 > 10.65.3.100.47886: S 756210562:756210562(0) ack 765420717 win 32768 <mss 16396,sackOK,timestamp 1284404 1284404,nop,wscale 2> (DF) [ttl 1]
13:12:30.958116 10.65.3.100.47886 > 10.65.3.100.9999: . ack 756210563 win 1460 <nop,nop,timestamp 1284404 1284404> (DF)
13:12:30.958152 10.65.3.100.47886 > 10.65.3.100.9999: P 0:10(10) ack 1 win 1460 <nop,nop,timestamp 1284404 1284404> (DF)
13:12:30.958164 10.65.3.110.2000 > 10.65.3.100.47886: . ack 11 win 8192 <nop,nop,timestamp 1284404 1284404> (DF) [ttl 1]
=========================================================
The IP addresses are as follows.
Client: 10.65.1.208
Proxy: 10.65.3.100
Server: 10.65.3.110
Test code is attached.
I have confirmed the issue on both:
"linux-2.6.19.1" with "cttproxy-2.6.19-2.0.6"
and
"linux-2.4.31" with "cttproxy-2.4.31-2.0.2"
I guess that the connection is NAT'ed. But I cannot find a way to
connect to Server:2000.
This scenario happens during the ftp data connection. For ftp itself, using
ip_nat_ftp seems to solve the issue.
But can I get any information (reason, advice), if possible?
Thank you !
--
(Nihon F-Secure Corporation)
Yoshioka Tsuneo
E-MAIL: Tsuneo.Yoshioka at f-secure.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: foreign-tcp-listen-proxy.c
Type: application/octet-stream
Size: 3516 bytes
Desc: not available
Url : http://lists.balabit.hu/pipermail/tproxy/attachments/20070112/a7834fa1/foreign-tcp-listen-proxy.obj
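An added example, not the author's attached test program: it parses tcpdump lines in the format quoted above and reconstructs each TCP originator's SYN destinations versus the addresses its SYN-ACKs came from. A flow whose replies arrive from an address it never sent a SYN to is the NAT signature in this report, and a SYN sent by the proxy host to its own listener port is the exact symptom of the (*) line. The capture text embedded below is a constructed subset of the lines from the post; the addresses and ports are the ones given there.

```python
import re
from collections import defaultdict

# Constructed sample: SYN and SYN-ACK lines copied from the capture in the post.
CAPTURE = """\
13:12:30.957695 10.65.1.208.5495 > 10.65.3.110.2000: S 2155077236:2155077236(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
13:12:30.957821 10.65.1.208.5495 > 10.65.3.100.9999: S 2155077236:2155077236(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
13:12:30.957837 10.65.3.110.2000 > 10.65.1.208.5495: S 754591780:754591780(0) ack 2155077237 win 5840 <mss 1460,nop,nop,sackOK> (DF) [ttl 1]
13:12:30.958069 10.65.3.100.47886 > 10.65.3.100.9999: S 765420716:765420716(0) win 5840 <mss 1460,sackOK,timestamp 1284404 0,nop,wscale 2> (DF)
13:12:30.958096 10.65.3.110.2000 > 10.65.3.100.47886: S 756210562:756210562(0) ack 765420717 win 32768 <mss 16396,sackOK,timestamp 1284404 1284404,nop,wscale 2> (DF) [ttl 1]
"""

# Old-style tcpdump line: "<ts> <sip>.<sport> > <dip>.<dport>: <flags> <rest>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<sip>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dip>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<flags>\S+) (?P<rest>.*)$")

def parse(line):
    """Return the endpoints and SYN/ACK bits of one capture line, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    return {"ts": d["ts"], "src": (d["sip"], int(d["sport"])),
            "dst": (d["dip"], int(d["dport"])),
            "syn": "S" in d["flags"],
            "ack": " ack " in " " + d["rest"]}   # SYN-ACK carries "ack <n>" in rest

def find_rewritten_flows(capture):
    """Map originator -> (SYN destinations, SYN-ACK responders) for every
    originator answered from an address it never sent a SYN to (NAT in the path)."""
    syn_dst, synack_src = defaultdict(set), defaultdict(set)
    for p in map(parse, capture.splitlines()):
        if not p or not p["syn"]:
            continue
        if p["ack"]:
            synack_src[p["dst"]].add(p["src"])   # SYN-ACK: its dst is the originator
        else:
            syn_dst[p["src"]].add(p["dst"])
    return {o: (syn_dst[o], synack_src[o]) for o in syn_dst
            if not synack_src[o] <= syn_dst[o]}

def loops_to_own_listener(capture, proxy_ip, listen_port):
    """Originators on the proxy host whose SYN went to the proxy's own listener."""
    return [p["src"] for p in map(parse, capture.splitlines())
            if p and p["syn"] and not p["ack"]
            and p["src"][0] == proxy_ip and p["dst"] == (proxy_ip, listen_port)]
```

The client flow is reported as consistent because its two SYN copies (pre- and post-rewrite) include the address the SYN-ACK came from; only the proxy's own outbound connection is flagged.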