[tproxy] libipt_TPROXY.so not compiled

Lachlan Bowes lbowes at wix.com.au
Tue Sep 4 01:55:45 CEST 2007 

Hello Laszlo,

I downloaded the latest tproxy version and tried from scratch and
attempted the below.

root at syd-log01:/root# tar -zxf tproxy-4.0.2-2.6.22.tgz
root at syd-log01:/root# cd /usr/src/iptables-1.3.6/
root at syd-log01:/usr/src/iptables-1.3.6# cat
/root/tproxy-4.0.2-2.6.22/patches/
iptables-svn.diff  tproxy.diff       
root at syd-log01:/usr/src/iptables-1.3.6# cat
/root/tproxy-4.0.2-2.6.22/patches/iptables-svn.diff | patch -p1
patching file extensions/libip6t_tproxy.man
patching file extensions/libipt_tproxy.man
patching file extensions/libipt_TPROXY.man
patching file extensions/libxt_tproxy.c
patching file extensions/libxt_TPROXY.c
patching file extensions/libxt_tproxy.c.old
patching file extensions/Makefile
Hunk #1 succeeded at 25 (offset -4 lines).
Hunk #2 succeeded at 127 (offset -19 lines).
Hunk #3 succeeded at 141 (offset -19 lines).
Hunk #4 succeeded at 155 (offset -19 lines).
Hunk #5 succeeded at 169 (offset -19 lines).
patching file extensions/.tproxy-testx
root at syd-log01:/usr/src/iptables-1.3.6#
root at syd-log01:/usr/src/iptables-1.3.6# chmod +x extensions/.tproxy-testx
root at syd-log01:/usr/src/iptables-1.3.6# make KERNDIR=/usr/src/linux >
make.log
libiptc/libip4tc.c:130: warning: ‘dump_entry’ defined but not used
ar: creating libiptc/libiptc.a
libiptc/libip6tc.c:135: warning: ‘dump_entry’ defined but not used
ar: creating libipq/libipq.a
root at syd-log01:/usr/src/iptables-1.3.6# grep -i proxy make.log
root at syd-log01:/usr/src/iptables-1.3.6#
root at syd-log01:/usr/src/iptables-1.3.6# ls -la extensions/ | grep -i proxy
-rw-r--r-- 1 root root     51 2007-09-04 16:40 libip6t_tproxy.man
-rw-r--r-- 1 root root     51 2007-09-04 16:40 libipt_tproxy.man
-rw-r--r-- 1 root root    790 2007-09-04 16:40 libipt_TPROXY.man
-rw-r--r-- 1 root root   1914 2007-09-04 16:40 libxt_tproxy.c
-rw-r--r-- 1 root root   3065 2007-09-04 16:40 libxt_TPROXY.c
-rw-r--r-- 1 root root   1495 2007-09-04 16:40 libxt_tproxy.c.old
-rwxr-xr-x 1 root root    100 2007-09-04 16:40 .tproxy-testx
root at syd-log01:/usr/src/iptables-1.3.6#
root at syd-log01:/usr/src/iptables-1.3.6#
/usr/src/iptables-1.3.6/extensions/.tproxy-testx
root at syd-log01:/usr/src/iptables-1.3.6#
root at syd-log01:/usr/src/iptables-1.3.6# locate xt_TPROXY.h
/usr/src/linux-2.6.22.3/include/linux/netfilter/xt_TPROXY.h
root at syd-log01:/usr/src/iptables-1.3.6#
root at syd-log01:/usr/src/iptables-1.3.6# export KERNEL_DIR="/usr/src/linux"
root at syd-log01:/usr/src/iptables-1.3.6#
/usr/src/iptables-1.3.6/extensions/.tproxy-testx
TPROXY
tproxy
root at syd-log01:/usr/src/iptables-1.3.6#

root at syd-log01:/usr/src/iptables-1.3.6# make clean
(( removed all the usual stuff ))

root at syd-log01:/usr/src/iptables-1.3.6# make KERNDIR=/usr/src/linux >
make.log
libiptc/libip4tc.c:130: warning: ‘dump_entry’ defined but not used
ar: creating libiptc/libiptc.a
libiptc/libip6tc.c:135: warning: ‘dump_entry’ defined but not used
ar: creating libipq/libipq.a
root at syd-log01:/usr/src/iptables-1.3.6# grep -i proxy make.log
root at syd-log01:/usr/src/iptables-1.3.6#
/usr/src/iptables-1.3.6/extensions/.tproxy-testx
TPROXY
tproxy
root at syd-log01:/usr/src/iptables-1.3.6#




Regards,
    Lachlan














Laszlo Attila Toth wrote:
> Hello,
>
> which version of TProxy do you use? libipt_tproxy.c exists only in old
> versions  up to 4.0.0. But since 4.0.1 it is libxt_tproxy.c.
> Directory name is tproxy-4.0.1-2.6.22 - it should work. I cannot figure
> out how can the filename differs from that one if the iptables source
> directory is /usr/src/iptables-1.3.8 and you used the patch named as
> iptables-r7008-tproxy.diff plus the patch in my previous letter.
>
> By the way what is the output of extensions/.tproxy-testx script?
>
> There is a newer release of tproxy: 4.0.2 - a small fix with modified
> iptables.
>
> 707ada21efaa107a5c0d7218c5284239  tproxy-4.0.2-2.6.22.tgz
>
>
> Lachlan Bowes wrote:
>   
>> Hello Laszlo,
>>
>> I am still seeing this problem.
>>
>> root at syd-log01:/etc# iptables -A INPUT -m tproxy -j ACCEPT
>> iptables v1.3.8: Couldn't load match
>> `tproxy':/usr/local/lib/iptables/libipt_tproxy.so: cannot open shared
>> object file: No such file or directory
>>
>> Try `iptables -h' or 'iptables --help' for more information.
>> root at syd-log01:/etc#
>> root at syd-log01:/etc# ls -la /usr/local/lib/iptables/libipt_tproxy.so
>> ls: /usr/local/lib/iptables/libipt_tproxy.so: No such file or directory
>> root at syd-log01:/etc# locate libipt_tproxy.so
>> root at syd-log01:/etc# locate libipt_tproxy.c
>> /usr/src/iptables-1.3.8/extensions/libipt_tproxy.c
>> root at syd-log01:/etc#
>>
>> So my problem is more that I cannot get libipt_tproxy.c to compile.
>>
>> root at syd-log01:/usr/src/iptables-1.3.8# make > make.log
>> libiptc/libip4tc.c:130: warning: ‘dump_entry’ defined but not used
>> ar: creating libiptc/libiptc.a
>> libiptc/libip6tc.c:135: warning: ‘dump_entry’ defined but not used
>> ar: creating libipq/libipq.a
>> root at syd-log01:/usr/src/iptables-1.3.8# grep tproxy make.log
>> root at syd-log01:/usr/src/iptables-1.3.8#
>>
>>
>>
>> Laszlo Attila Toth wrote:
>>     
>>> Hello,
>>>
>>> I forgot to set address family in libxt_tproxy.c (match), but
>>> libxt_TPROXY.c (target) works well.
>>> Patch is attached.
>>>
>>> You should use the target as:
>>>
>>> iptables -t tproxy -A PREROUTING -p tcp <other options> -j TPROXY <other
>>> parameters>
>>> or
>>> iptables -t tproxy -A PREROUTING -p udp <other options> -j TPROXY <other
>>> parameters>
>>>
>>> and
>>> iptables -A INPUT -m tproxy -j ACCEPT
>>>
>>> TPROXY target should  be used only in the tproxy table's PREROUTING
>>> chain and tproxy match should be used in filter table's INPUT chain.
>>> Also you shouldn't write  ... -m tproxy ... -j TPROXY
>>>
>>>
>>>
>>> Lachlan Bowes írta:
>>>   
>>>       
>>>> Have any of you seen this before?
>>>>
>>>> I followed instructions in README, but to no avail.
>>>>
>>>> Apologies if this is obvious but I am from a FreeBSD background, linux
>>>> is not my normal OS so environment is foreign to me.
>>>>
>>>> Regards,
>>>>     Lachlan
>>>>
>>>> root at syd-log01:/root/tproxy-4.0.1-2.6.22# uname -a
>>>> Linux syd-log01 2.6.22.3 #1 SMP Tue Aug 28 21:54:20 EST 2007 i686 GNU/Linux
>>>> root at syd-log01:/root/tproxy-4.0.1-2.6.22#
>>>>
>>>>
>>>> root at syd-log01:/root/tproxy-4.0.1-2.6.22# iptables -t tproxy -A
>>>> PREROUTING -j TPROXY --on-port 3128
>>>> iptables v1.3.8: Unknown arg `--on-port'
>>>> Try `iptables -h' or 'iptables --help' for more information.
>>>> root at syd-log01:/root/tproxy-4.0.1-2.6.22# iptables -t tproxy -A
>>>> PREROUTING -j TPROXY
>>>> iptables v1.3.8: Couldn't load target
>>>> `TPROXY':/usr/local/lib/iptables/libipt_TPROXY.so: cannot open shared
>>>> object file: No such file or directory
>>>>
>>>> Try `iptables -h' or 'iptables --help' for more information.
>>>> root at syd-log01:/root/tproxy-4.0.1-2.6.22# lsmod  | grep iptable
>>>> iptable_filter          3104  0
>>>> iptable_tproxy          6468  0
>>>> ip_tables              12420  2 iptable_filter,iptable_tproxy
>>>> root at syd-log01:/root/tproxy-4.0.1-2.6.22#
>>>>   
>>>>         
>
> --
> Panther
>
>
>
>   

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: OpenPGP digital signature
Url : http://lists.balabit.hu/pipermail/tproxy/attachments/20070904/18e361f1/attachment.pgp

More information about the tproxy mailing list