[tproxy] Can't receive any client packet in the tproxy server

박제호 jhpark at elim.net
Thu Nov 19 03:45:38 CET 2009


Hello everyone and Balazs Scheidler ~

I have one problem. I recently made up the testbed like below to run the tproxy-patched Apache proxy,
so I applied all the iptables and routing rules after reading the README file [http://www.balabit.com/downloads/files/tproxy/README.txt],
but when the client tried to connect to the web server, the packets reached the box but my tproxy server could not receive any corresponding packets from the clients.
I want to know why my proxy server can't receive any packets.
Do I need some DNAT rules?



testbed:

[client ] <---------> [tproxy patched apache mod_proxy] <--------> [web server]
                                     ---------------------------
                                               proxybox


[proxybox]
    1. OS: Linux 2.6.31.6 vanilla kernel
    2. iptables: 1.4.5, no tproxy patched
    3. proxy: tproxy patched [please refer to the httpd-2.2.9-tproxy.patch] Apache 2.2.9
    4. iptables and routing rules

        iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --on-port 3128 --tproxy-mark 0x1/0x1

        ip rule add fwmark 1 lookup 100
        ip route add local 0.0.0.0/0 dev lo table 100

        iptables -t mangle -N DIVERT
        iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
        iptables -t mangle -A DIVERT -j MARK --set-xmark 0x1/0xffffffff
        iptables -t mangle -A DIVERT -j ACCEPT



    
-------------- next part --------------
A non-text attachment was scrubbed...
Name: httpd-2.2.9-tproxy.patch
Type: application/octet-stream
Size: 14590 bytes
Desc: not available
Url : http://lists.balabit.hu/pipermail/tproxy/attachments/20091119/2b8a9160/attachment.obj 

