[tproxy] libipt_TPROXY.so not compiled

Laszlo Attila Toth panther at balabit.hu
Mon Sep 3 15:50:19 CEST 2007 

Hello,

which version of TProxy do you use? libipt_tproxy.c exists only in old
versions  up to 4.0.0. But since 4.0.1 it is libxt_tproxy.c.
Directory name is tproxy-4.0.1-2.6.22 - it should work. I cannot figure
out how can the filename differs from that one if the iptables source
directory is /usr/src/iptables-1.3.8 and you used the patch named as
iptables-r7008-tproxy.diff plus the patch in my previous letter.

By the way what is the output of extensions/.tproxy-testx script?

There is a newer release of tproxy: 4.0.2 - a small fix with modified
iptables.

707ada21efaa107a5c0d7218c5284239  tproxy-4.0.2-2.6.22.tgz


Lachlan Bowes wrote:
> Hello Laszlo,
> 
> I am still seeing this problem.
> 
> root at syd-log01:/etc# iptables -A INPUT -m tproxy -j ACCEPT
> iptables v1.3.8: Couldn't load match
> `tproxy':/usr/local/lib/iptables/libipt_tproxy.so: cannot open shared
> object file: No such file or directory
> 
> Try `iptables -h' or 'iptables --help' for more information.
> root at syd-log01:/etc#
> root at syd-log01:/etc# ls -la /usr/local/lib/iptables/libipt_tproxy.so
> ls: /usr/local/lib/iptables/libipt_tproxy.so: No such file or directory
> root at syd-log01:/etc# locate libipt_tproxy.so
> root at syd-log01:/etc# locate libipt_tproxy.c
> /usr/src/iptables-1.3.8/extensions/libipt_tproxy.c
> root at syd-log01:/etc#
> 
> So my problem is more that I cannot get libipt_tproxy.c to compile.
> 
> root at syd-log01:/usr/src/iptables-1.3.8# make > make.log
> libiptc/libip4tc.c:130: warning: ‘dump_entry’ defined but not used
> ar: creating libiptc/libiptc.a
> libiptc/libip6tc.c:135: warning: ‘dump_entry’ defined but not used
> ar: creating libipq/libipq.a
> root at syd-log01:/usr/src/iptables-1.3.8# grep tproxy make.log
> root at syd-log01:/usr/src/iptables-1.3.8#
> 
> 
> 
> Laszlo Attila Toth wrote:
>> Hello,
>>
>> I forgot to set address family in libxt_tproxy.c (match), but
>> libxt_TPROXY.c (target) works well.
>> Patch is attached.
>>
>> You should use the target as:
>>
>> iptables -t tproxy -A PREROUTING -p tcp <other options> -j TPROXY <other
>> parameters>
>> or
>> iptables -t tproxy -A PREROUTING -p udp <other options> -j TPROXY <other
>> parameters>
>>
>> and
>> iptables -A INPUT -m tproxy -j ACCEPT
>>
>> TPROXY target should  be used only in the tproxy table's PREROUTING
>> chain and tproxy match should be used in filter table's INPUT chain.
>> Also you shouldn't write  ... -m tproxy ... -j TPROXY
>>
>>
>>
>> Lachlan Bowes írta:
>>   
>>> Have any of you seen this before?
>>>
>>> I followed instructions in README, but to no avail.
>>>
>>> Apologies if this is obvious but I am from a FreeBSD background, linux
>>> is not my normal OS so environment is foreign to me.
>>>
>>> Regards,
>>>     Lachlan
>>>
>>> root at syd-log01:/root/tproxy-4.0.1-2.6.22# uname -a
>>> Linux syd-log01 2.6.22.3 #1 SMP Tue Aug 28 21:54:20 EST 2007 i686 GNU/Linux
>>> root at syd-log01:/root/tproxy-4.0.1-2.6.22#
>>>
>>>
>>> root at syd-log01:/root/tproxy-4.0.1-2.6.22# iptables -t tproxy -A
>>> PREROUTING -j TPROXY --on-port 3128
>>> iptables v1.3.8: Unknown arg `--on-port'
>>> Try `iptables -h' or 'iptables --help' for more information.
>>> root at syd-log01:/root/tproxy-4.0.1-2.6.22# iptables -t tproxy -A
>>> PREROUTING -j TPROXY
>>> iptables v1.3.8: Couldn't load target
>>> `TPROXY':/usr/local/lib/iptables/libipt_TPROXY.so: cannot open shared
>>> object file: No such file or directory
>>>
>>> Try `iptables -h' or 'iptables --help' for more information.
>>> root at syd-log01:/root/tproxy-4.0.1-2.6.22# lsmod  | grep iptable
>>> iptable_filter          3104  0
>>> iptable_tproxy          6468  0
>>> ip_tables              12420  2 iptable_filter,iptable_tproxy
>>> root at syd-log01:/root/tproxy-4.0.1-2.6.22#
>>>   

--
Panther

More information about the tproxy mailing list