[tproxy] Ziproxy with Tproxy problem-- Client IP spoofing does not work
Masih Nilforoushan
m.nilforoushan at gmail.com
Thu Aug 26 20:11:12 CEST 2010
Hi folks,
I have implemented Ziproxy for HTTP compression and web acceleration
on Ubuntu 9 with Kernel 2.6.35.3. I compiled the Kernel for tproxy and
Socket match and implemented iptables with socket andredirect rules
along with Iproute2 commands.
I need to spoof the client IP addresses so that remote web servers can
see the clients real IP addresses rather than Ziproxy's IP address.
I couldn't find any specific document on the Internet stating that
Ziproxy is compatible with tproxy. However, I compiled and installed
everything from scratch without any errors. But the problem is that
when I add the following lines into iptables, my ziproxy does not
respond to clients request any more and they can browse anything.
iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY
--tproxy-mark 0x1/0x1 --on-port 8080
I traced the problem and find out that my box does not operate with
tproxy. When it receives the clients request , it doesn't respond and
doesn't open any socket towards the remote server.
Can anybody please tell me if Ziproxy supports tproxy and IP spoofing?
If it supports, what is wrong with my implementation?
Thanks,
Masih
More information about the tproxy
mailing list