[tproxy] Tproxy changes for performing dual NAT
Arun S
hi2arun at gmail.com
Fri Oct 12 17:44:31 CEST 2007
Hi Zul,
I do not have a patch for 2.6.19 version of kernel with me.
If I find time, I will get it for you.
But it should be a straight forward change. You can manually do the
changes in the file iptable_tproxy.c and place the changes at
appropriate location.
On 12/10/2007, zulkarnain <sizulku at yahoo.com> wrote:
> Hi Arun,
>
> I my kernel-2.6.19.7 with your patch and seemed it won't work. I got this messages below and I attached you iptable_tproxy.c.rej
>
> [root at squid linux]# patch -p1 -i ../07-linux_aircell_tproxy.patch
> patching file include/linux/netfilter_ipv4/ip_tproxy.h
> patching file net/ipv4/netfilter/ip_tables.c
> Hunk #7 succeeded at 245 (offset -2 lines).
> patching file net/ipv4/netfilter/iptable_tproxy.c
> Hunk #1 succeeded at 43 with fuzz 2 (offset -2 lines).
> Hunk #2 FAILED at 145.
> Hunk #3 succeeded at 120 with fuzz 2 (offset -79 lines).
> Hunk #4 FAILED at 647.
> Hunk #5 succeeded at 831 (offset -4 lines).
> Hunk #6 succeeded at 798 (offset -79 lines).
> Hunk #7 succeeded at 896 (offset -4 lines).
> Hunk #8 succeeded at 837 (offset -79 lines).
> Hunk #9 FAILED at 916.
> patch unexpectedly ends in middle of line
> Hunk #10 succeeded at 993 with fuzz 1 (offset -34 lines).
> 3 out of 10 hunks FAILED -- saving rejects to file net/ipv4/netfilter/iptable_tproxy.c.rej
> [root at squid linux]#
>
> Do you have a patch that work with kernel-2.6.19.7? Any help would be great. Thanks!
>
> Regards,
> Zul
>
> ----- Original Message ----
> From: Arun S <hi2arun at gmail.com>
> To: zulkarnain <sizulku at yahoo.com>
> Cc: Tproxy <tproxy at lists.balabit.hu>
> Sent: Friday, October 12, 2007 6:40:52 AM
> Subject: Re: [tproxy] Tproxy changes for performing dual NAT
>
> Hi Zul,
>
> Here are the steps to be followed:
>
> 1. Apply Cttproxyv2.0.6 to linux kernel v2.6.18
>
> 2. Apply the given patch for dual NAT
>
> 3. Compile the kernel as usual with TPROXY support enabled.
>
> 4. Run Squid (I have tested it with Squid v 2.6) with tproxy related
> options enabled.
>
> 5. Add TPROXY rule to redirect HTTP packets:
> e.g.: iptables -t tproxy -A PREROUTING -p tcp --dport 80 -j TPROXY
> --on-port 3128
> [Assuming Squid proxy listens on port 3128]
>
> 6. Add POSTROUTING rule for performing SNAT.
> e.g. Say LAN network is 192.168.1.0/24,
> iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to <Src IP>
>
> Please let me know of any issues along with the kernel version , Squid
> version, iptables rules and your test setup.
>
>
> ____________________________________________________________________________________
> Don't let your dream ride pass you by. Make it a reality with Yahoo! Autos.
> http://autos.yahoo.com/index.html
>
>
>
>
--
Regards,
Arun S.
More information about the tproxy
mailing list