[tproxy] netcat for tproxy (and additional noob questions)
Adrian Chadd
adrian.chadd at gmail.com
Wed Jul 8 08:19:41 CEST 2009
2009/7/7 KOVACS Krisztian <hidden at sch.bme.hu>:
>> > Reusing the original port is usually a bad idea. A notable example of
>> > things breaking is Netfilter connection tracking, which gets confused if
>> > you reuse the exact same endpoints for a different connection.
>>
>> Technically they are not the exact same if you include the interface. If it
>> doesn't consider the interface then they would appear the same.
>
> Netfilter conntrack is interface agnostic -- and you're right that that's
> exactly what's causing the problem here.

So are you saying that the Linux TPROXY4 code as it stands won't
handle the case of a client sending a connection out with a source
port that the TPROXY4 proxy is currently using itself for a client IP
spoofed connection?

Adrian