[tproxy] netcat for tproxy (and additional noob questions)

John Lauro john.lauro at covenanteyes.com
Sun Jul 5 14:42:48 CEST 2009



I am new to the list, and couldn't find this discussed in the archives:


Does anyone have a working version of nc/netcat that supports tproxy?  There
appear to be several implementations of netcat, but I only found patches for
a version that appears not to be available any longer.  I made a patch to
netcat, but it's not working, so I am not certain if it's a problem with
my patch or my iptables setup (probably the latter).  Specific links to
versions of netcat and a patch for it would be appreciated.


I do have kernel and latest (or at least not more than a couple
months old) iptables.



A quick sanity check that the following is possible:  (99.9% sure based on
other comments on the list)

1. Want to have a box with two NICs between the internet and local
machines, basically a router.  (Although a bridge might be even better).

2. Have that machine intercept all connections from local machines ->
internet with tproxy on all ports, and create matching connections using src
ip of original machines -> internet.  (Interception of connections the other
way, internet -> local machines, is not required but will not hurt; obviously
they have to be able to at least forward through ok).

3. Do some custom stuff on the streams mainly for monitoring, and also
a little manipulation (mainly http redirects).


Assuming the above is possible, will it be possible to keep the same source
port number on the outgoing connections?  (Which would mean two connections
with the same src/dst pairs, but communicating on different interfaces).


What should the iptables rules look like for this to function?


Most of the examples I found are for more specific cases, such as for use
with squid on just port 80.  I am not certain I understand fully the
interaction between the rules for iptables and the interaction with tproxy.
Is there someplace this is all documented, along with all the details from a
programmer perspective such as the use of setsockopt? (I think I just need
updated man pages?)



Thanks in advance for any help/advice.  



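Added example, not from the poster or the list: a minimal tproxy-aware relay in Python showing the IP_TRANSPARENT setsockopt, the getsockname() trick for recovering the original destination, and binding the upstream socket to the client's own ip:port (which keeps the same source port, as asked). The interface name, listening port and the ip/iptables diversion commands in the comments are assumptions, taken from the kernel's generic TPROXY setup rather than from this thread.

```python
import select
import socket

# Linux-only option (19 in <linux/in.h>); fallback assumed for builds without it
IP_TRANSPARENT = getattr(socket, "IP_TRANSPARENT", 19)

# Assumed diversion on the router (eth1 = LAN side, relay listens on 3130):
#   ip rule add fwmark 1 lookup 100
#   ip route add local 0.0.0.0/0 dev lo table 100
#   iptables -t mangle -A PREROUTING -i eth1 -p tcp -j TPROXY --tproxy-mark 1/1 --on-port 3130

def transparent_socket():
    """TCP socket with IP_TRANSPARENT set (needs CAP_NET_ADMIN)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_IP, IP_TRANSPARENT, 1)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    return s

def relay(a, b, bufsize=65536):
    """Copy bytes both ways until both directions hit EOF; returns (a->b, b->a) byte counts."""
    peer, count, live = {a: b, b: a}, {a: 0, b: 0}, {a, b}
    while live:
        readable, _, _ = select.select(list(live), [], [])
        for s in readable:
            data = s.recv(bufsize)
            if not data:                       # this direction is finished
                live.discard(s)
                try:
                    peer[s].shutdown(socket.SHUT_WR)   # forward the half-close
                except OSError:
                    pass
                continue
            peer[s].sendall(data)
            count[s] += len(data)
    return count[a], count[b]

def serve(listen_port=3130):
    """Accept diverted flows and dial upstream from the client's own ip:port."""
    lsock = transparent_socket()
    lsock.bind(("0.0.0.0", listen_port))       # any diverted dst lands here
    lsock.listen(128)
    while True:
        client, client_addr = lsock.accept()
        orig_dst = client.getsockname()        # TPROXY keeps the real dst here
        upstream = transparent_socket()
        upstream.bind(client_addr)             # spoof src ip and src port
        upstream.connect(orig_dst)
        relay(client, upstream)
        client.close(); upstream.close()
```

relay() is exercised below over plain socketpairs; serve() needs the privileges and routing setup noted in the comments.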