[tproxy] netcat for tproxy (and additional noob questions)

Adrian Chadd adrian.chadd at gmail.com
Sun Jul 5 14:52:33 CEST 2009


2009/7/5 John Lauro <john.lauro at covenanteyes.com>:

>
> Most of the examples I found are for more specific cases, such as for use
> with squid on just port 80.  I am not certain I understand fully the
> interaction between the rules for iptables and the interaction with tproxy.
> Is there someplace this is all documented, along with all the details from a
> programmer perspective such as the use of setsockopt? (I think I just need
> updated man pages?)

I've been looking to put some better documentation together for what
Lusca does for TPROXY4 (I'm guessing you're talking about that and not
TPROXY2).

In any case, the process is somewhat like this:

* iptables/routing table setup - http://wiki.squid-cache.org/Features/Tproxy4
* create listen socket
* setsockopt to make it transparent
* bind() to 0.0.0.0, relevant port that you've redirected traffic to
* listen() as usual

Then, you accept() as usual, use getsockname() to determine the
original destination. Then for the outbound socket:

* create socket
* setsockopt to make it transparent
* bind() to relevant IP (and port, or leave it 0 to let the stack
choose a port IIRC)
* connect() as usual

I haven't yet really looked into the TPROXY4 kernel implementation to
know precisely what is going on. I can't find some clear, concise
documentation either explaining the "how" or "why" behind the iptables
rules and why packets need to be punted via the loopback interface.

HTH,


Adrian
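The listen/accept/outbound sequence described in the reply above, written out in C for Linux as an added example (not code from the post, Lusca or Squid). It assumes the iptables and routing setup from the Squid wiki page is already in place and that the process holds CAP_NET_ADMIN, which IP_TRANSPARENT requires; the caller does the listen() and copies bytes between the two descriptors.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Fill a sockaddr_in from a dotted-quad ip and host-order port; -1 if ip is bad. */
int fill_addr(struct sockaddr_in *sa, const char *ip, uint16_t port) {
    memset(sa, 0, sizeof *sa);
    sa->sin_family = AF_INET;
    sa->sin_port = htons(port);
    return inet_pton(AF_INET, ip, &sa->sin_addr) == 1 ? 0 : -1;
}

/* TCP socket with IP_TRANSPARENT set and bound to ip:port (port 0 lets the stack
 * pick). Used for the listener (0.0.0.0:<redirected port>) and for the outbound
 * leg (bound to the client's own IP). Needs CAP_NET_ADMIN. */
int transparent_socket(const char *ip, uint16_t port) {
    struct sockaddr_in sa;
    int one = 1, fd;
    if (fill_addr(&sa, ip, port) < 0) return -1;
    if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) return -1;
    if (setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &one, sizeof one) < 0 ||
        bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* accept() one redirected connection, recover the original destination with
 * getsockname(), then connect() an outbound socket that carries the client's IP
 * as source. Stores the accepted fd in *client_fd; returns the outbound fd or -1. */
int relay_one(int listen_fd, int *client_fd) {
    struct sockaddr_in peer, orig_dst;
    socklen_t len = sizeof peer;
    char peer_ip[INET_ADDRSTRLEN];
    int cfd = accept(listen_fd, (struct sockaddr *)&peer, &len), ofd = -1;
    if (cfd < 0) return -1;
    len = sizeof orig_dst;
    /* Under TPROXY the accepted socket's local name is the original destination. */
    if (getsockname(cfd, (struct sockaddr *)&orig_dst, &len) == 0 &&
        inet_ntop(AF_INET, &peer.sin_addr, peer_ip, sizeof peer_ip) &&
        (ofd = transparent_socket(peer_ip, 0)) >= 0 &&
        connect(ofd, (struct sockaddr *)&orig_dst, sizeof orig_dst) == 0) {
        *client_fd = cfd;
        return ofd;
    }
    if (ofd >= 0) close(ofd);
    close(cfd);
    return -1;
}
```

Without the TPROXY iptables rules, getsockname() on the accepted socket returns the proxy's own listening address rather than the client's original destination, which is the quickest check that the redirect is actually working.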

