[tproxy] CentOS 5.1 and Tproxy4

Mike Adkins mike at a3rocks.com
Wed Jun 11 17:28:11 CEST 2008

Hello everyone.

CentOS 5.1
Kernel: Linux centos5.a3rocks.com #1 SMP Sun Jun 8 11:15:19 EDT 2008 i686 athlon i386 GNU/Linux

tproxy patch: tproxy-kernel-2.6.25-20080519-165031-1211208631.tar.bz2
iptables: 1.4
iptables patch: tproxy-iptables-1.4.0-20080521-113954-1211362794.patch

I think everything went well on the patching of the kernel and patching of iptables.  So here is where I am.  I am using the latest version of haproxy, which should work.

I think the issue that I am having is due to the iptables.  I don't think iptables is letting haproxy connect to the secondary host server.  So haproxy is listening on port 50080, which is where I have tproxy sitting.  Please take a look at my iptables entry and tell me if I am missing anything.  I can see that my connection hits the proxy server, but it does not relay to the secondary host.

Here is my iptables:
echo 1 > /proc/sys/net/ipv4/ip_forward
/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 50080
ip rule add fwmark 1 lookup 100
ip route add local dev lo table 100
/usr/local/sbin/iptables -t mangle -N DIVERT
/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
/usr/local/sbin/iptables -t mangle -A DIVERT -j MARK --set-mark 1
/usr/local/sbin/iptables -t mangle -A DIVERT -j ACCEPT

The IP for the proxy, where tproxy is sitting, is and the host server (running IIS) is 192.1680.06.

I would like to use squid, but I am not familiar with it, like I am with haproxy.

Any info would be appreciated.  I am stuck now.

