[tproxy] netcat for tproxy (and additional noob questions)

Adrian Chadd adrian.chadd at gmail.com
Wed Jul 8 08:19:41 CEST 2009

2009/7/7 KOVACS Krisztian <hidden at sch.bme.hu>:

>> > Reusing the original port is usually a bad idea. A notable example of
>> > things breaking is Netfilter connection tracking, which gets confused
>> > if
>> > you reuse the exact same endpoints for a different connection.
>> Technically they are not the exact same if you include the interface.  If it
>> doesn't consider the interface then they would appear the same.
> Netfilter conntrack is interface agnostic -- and you're right that it's
> exactly that what's causing the problem here.

So are you saying that the Linux TPROXY4 code as it stands won't
handle the case of a client sending a connection out with a source
port that the TPROXY4 proxy is currently using itself for a client IP
spoofed connection?


More information about the tproxy mailing list