[tproxy] netcat for tproxy (and additional noob questions)

KOVACS Krisztian hidden at sch.bme.hu
Tue Jul 7 14:02:32 CEST 2009


Hi,

On Tue, Jul 07, 2009 at 07:49:17AM -0400, John Lauro wrote:
> > I have a very simplistic patch for netcat here:
> > 
> > http://home.sch.bme.hu/~piglet/netfilter/tproxy/netcat-ip_transparent-support.patch
> 
> I think I came across that patch before.  The problem is I can not find that
> version (1.10) of netcat anywhere.  Found some places that mention being
> pointers to it, but dead links...  It appears there is a new GNU version that
> has lower version number, and also a BSD version, but it is way different
> too (or at least different enough that the patch doesn't apply).

I think it was based on Debian netcat, so you could give the Debian
version a try:

ftp://ftp.debian.org/debian/pool/main/n/netcat/

> > Reusing the original port is usually a bad idea. A notable example of
> > things breaking is Netfilter connection tracking, which gets confused if
> > you reuse the exact same endpoints for a different connection.
> 
> Technically they are not the exact same if you include the interface.  If it
> doesn't consider the interface then they would appear the same.

Netfilter conntrack is interface agnostic -- and you're right that that's
exactly what's causing the problem here.

-- 
KOVACS Krisztian
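
The endpoint collision discussed in this thread, as an added example that is not part of the original message or of the netcat patch: a simplified Python model of a connection table keyed on protocol and endpoints only. It is not Netfilter's actual data structure; the addresses, ports, interface names and function names are constructed for illustration.

```python
from collections import namedtuple

# Simplified model, not Netfilter's real structures: a tracked connection is
# identified by protocol and both endpoints. "iface" is only part of the key
# in the hypothetical interface-aware variant raised in the thread.
Key = namedtuple("Key", "proto src sport dst dport iface")

class ConntrackModel:
    def __init__(self, include_iface=False):
        self.include_iface = include_iface
        self.table = {}  # Key -> label of the flow that created the entry

    def track(self, label, iface, proto, src, sport, dst, dport):
        """Add a flow; return the label of a different flow already holding
        the same key (a collision), or None if the key was free."""
        key = Key(proto, src, sport, dst, dport,
                  iface if self.include_iface else None)
        owner = self.table.setdefault(key, label)
        return owner if owner != label else None

def proxy_collision(reuse_client_port, include_iface=False):
    """One intercepted client connection, then the proxy's upstream
    connection made with the client's address as its source."""
    ct = ConntrackModel(include_iface)
    client, cport = "192.0.2.10", 51515      # constructed sample endpoints
    server, sport = "198.51.100.20", 80
    ct.track("client side", "eth0", "tcp", client, cport, server, sport)
    # Port 40001 stands in for an ephemeral port chosen by the kernel.
    up_port = cport if reuse_client_port else 40001
    return ct.track("upstream side", "eth1", "tcp", client, up_port, server, sport)

if __name__ == "__main__":
    for reuse, iface in [(True, False), (True, True), (False, False)]:
        print(f"reuse_port={reuse} iface_in_key={iface} ->",
              proxy_collision(reuse, iface) or "no collision")
```

Only the first case collides: with the interface left out of the key, reusing the client's port makes the upstream connection indistinguishable from the intercepted one.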

