[tproxy] Redirect to proxy via TPROXY target didn't work.
Laszlo Attila Toth
panther at balabit.hu
Fri Nov 9 09:14:42 CET 2007
Hello,
Mohamed Badri wrote:
> Hi,
>
> I'm running Linux 2.6.22, iptables 1.3.8, with Tproxy 4.0.3 patches.
>
> I've added the following rules in iptables:
>
> iptables -t tproxy -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j TPROXY --on-port 50080
> iptables -t tproxy -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j TPROXY --on-port 50080
>
> but nothing happens; connections to port 80 are not redirected to local
> port 50080.
Did you use the IP_FREEBIND socket option in your program on the listening
socket? Without it, tproxy only works if you load iptable_tproxy with
the tproxy_any=1 module parameter:
modprobe iptable_tproxy tproxy_any=1
>
> Can I use the NETMAP target in the nat table while using tproxy?
I'm not sure, probably not. The tproxy table is before nat; also, if the
TPROXY target changes the local route (the packet is diverted), then
NETMAP may change this, and also the packets may not arrive at the
listening socket.
--
Panther
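
Added example (not part of the original message, and not code from the tproxy project): a TCP listener that sets the IP_FREEBIND option mentioned in the reply before bind(), shown next to the same bind() without it. The helper name open_listener and the address 192.0.2.1 (documentation range, assumed not to be configured on the host) are constructed for illustration; port 50080 is the --on-port value from the rules above.

```c
/* Added example: effect of IP_FREEBIND on bind() to a non-local address. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: returns a listening fd, or -errno on failure. */
int open_listener(const char *ip, uint16_t port, int freebind)
{
    struct sockaddr_in sa;
    int one = 1, err;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -errno;

    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1) {
        close(fd);
        return -EINVAL;
    }

    /* IP_FREEBIND must be set before bind(); it needs no privileges. */
    if ((freebind &&
         setsockopt(fd, IPPROTO_IP, IP_FREEBIND, &one, sizeof(one)) < 0) ||
        bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 ||
        listen(fd, 128) < 0) {
        err = errno;
        close(fd);
        return -err;
    }
    return fd;
}

int main(void)
{
    const char *addr = "192.0.2.1"; /* constructed: not a local address */
    int plain = open_listener(addr, 50080, 0);
    int fb = open_listener(addr, 50080, 1);
    printf("without IP_FREEBIND: %s\n", plain < 0 ? strerror(-plain) : "bound");
    printf("with IP_FREEBIND:    %s\n", fb < 0 ? strerror(-fb) : "bound");
    if (plain >= 0) close(plain);
    if (fb >= 0) close(fb);
    return fb < 0;
}
```

On a host where net.ipv4.ip_nonlocal_bind is 0 (the default), the first call fails with EADDRNOTAVAIL and the second succeeds.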