[tproxy] Redirect to proxy via TPROXY target didn't work.

Mohamed Badri mohamed at sysnode.net
Fri Nov 9 10:07:00 CET 2007


Hello,

Thanks for this information.
I'm using zorp 3.1.12 with tproxy 4.0.3 on kernel 2.6.22.

I think that the tproxy table is after the nat table, as if I disable my netmap
rules (prerouting) in the nat table, the redirection to zorp works.

So I need to use only netmap on postrouting in the nat table for source-nat, and
use OneToOneMultiNat in the zorp configuration for destination-nat (I have to do
source and destination nat on the same box).

But in this case, the requests sent by zorp to the destination server are
done with the box ip and not the client's ip.

For now :

  1/ Source Nat is done in postrouting nat table with Netmap target
  2/ Destination Nat is done by zorp ( OneToOneMultiNat )

How can I force zorp to use the client's ip as source ip when it
connects to the destination server?

Thanks a lot.

2007/11/9, Laszlo Attila Toth <panther at balabit.hu>:
>
> Hello,
>
> Mohamed Badri wrote:
> > Hi,
> >
> > I'm running Linux 2.6.22, Iptables 1.3.8, with Tproxy 4.0.3 patches
> >
> > I've added the following rules in iptables :
> >
> > iptables -t tproxy -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j TPROXY --on-port 50080
> > iptables -t tproxy -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j TPROXY --on-port 50080
> >
> > but nothing happens, connections to port 80 are not redirected to local
> > port 50080.
>
> Did you use IP_FREEBIND socket option in your program on the listening
> socket? Without it the tproxy only works if you load iptable_tproxy with
> the tproxy_any=1 module parameter:
>
> modprobe iptable_tproxy tproxy_any=1
>
>
> >
> > Can I use NETMAP target in nat table while using tproxy ?
>
> I'm not sure, probably not. The tproxy table is before nat; also, if the
> TPROXY target changes the local route (the packet is diverted), then the
> NETMAP may change this; also, the packets may not arrive at the listening
> socket.
>
>
> --
> Panther
>


