[tproxy] Tproxy 4 bugs after installation

Anton anton.vazir at gmail.com
Thu Sep 11 15:35:31 CEST 2008 

The problem is known, but seems to be not much interesting 
for anyone who could fix it...

On Thursday 04 September 2008 14:42, Ayham Abou Afach wrote:
> Hi Every body
> i have some problems with tproxy after installation on
> ubuntu server 8.04 AMD 64
> with the following :
>
>     Iptables 1.4.0
>     squid-3.HEAD-20080901
>    
> tproxy-iptables-1.4.0-20080521-113954-1211362794.patch
> tproxy-kernel-2.6.25-20080519-165031-1211208631 Kernel
> 2.6.24.19
>
> with the following rules file for iptables :
>     *mangle
>
>     :PREROUTING ACCEPT [263600:125723686]
>     :INPUT ACCEPT [616826:343701577]
>     :FORWARD ACCEPT [239812:121581975]
>     :OUTPUT ACCEPT [1011781:458569186]
>     :POSTROUTING ACCEPT [1250543:580095901]
>     :DIVERT - [0:0]
>
>     -A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY
> --on-port 8080 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
>     -A PREROUTING -p tcp -m socket -j DIVERT
>     -A DIVERT -j MARK --set-mark 0x1
>     -A DIVERT -j ACCEPT
>     COMMIT
> and the following ip rules :
>     ip rule add fwmark 1 lookup 100
>     ip route add local 0.0.0.0/0 dev lo table 100
> and enabling nonlocal bind
>     echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind
> And with squid configuration
>     http_port 8080 transparent tproxy
>
> And every thing is fine all users are going out with
> their own IP addresses and that what i want
> but there is some problems with post pages and some get
> ones i see these errors in squid cache.log :
>     IPInterception.cc(137) NetfilterInterception:  NF
> getsockopt(SO_ORIGINAL_DST) failed: (11) Resource
> temporarily unavailable
>      commBind: Cannot bind socket FD 60 to
> 192.168.0.2:4288: (98) Address already in use
> and this error in my explorer :
>
> *    Connection to www.yahoo.com failed.*
>
>     The system returned: /(99) Cannot assign requested
> address
>
> /
>
> any body has some about this case HELP please
>
>
> _______________________________________________
> tproxy mailing list
> tproxy at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/tproxy

More information about the tproxy mailing list