[tproxy] Ziproxy with Tproxy problem-- Client IP spoofing does not work

Masih Nilforoushan m.nilforoushan at gmail.com
Thu Aug 26 20:11:12 CEST 2010


Hi folks,

I have implemented Ziproxy for HTTP compression and web acceleration
on Ubuntu 9 with Kernel 2.6.35.3. I compiled the Kernel for tproxy and
Socket match and implemented iptables with socket and redirect rules
along with Iproute2 commands.
I need to spoof the client IP addresses so that remote web servers can
see the clients' real IP addresses rather than Ziproxy's IP address.
I couldn't find any specific document on the Internet stating that
Ziproxy is compatible with tproxy. However, I compiled and installed
everything from scratch without any errors. But the problem is that
when I add the following lines into iptables, my ziproxy does not
respond to clients' requests any more and they can browse anything.

      iptables -t mangle -N DIVERT
      iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
      iptables -t mangle -A DIVERT -j MARK --set-mark 1
      iptables -t mangle -A DIVERT -j ACCEPT

      iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 8080


I traced the problem and found out that my box does not operate with
tproxy. When it receives a client's request, it doesn't respond and
doesn't open any socket towards the remote server.
Can anybody please tell me if Ziproxy supports tproxy and IP spoofing?
If it does, what is wrong with my implementation?

Thanks,

Masih
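
A consistency check for the policy-routing side of this setup, as an added example that is not part of the original post: the kernel's tproxy documentation pairs these iptables rules with an `ip rule` on the same fwmark and a `local` default route via `lo` in the table that rule points to. The `ip rule` and `ip route` output below is constructed sample data, and `check_tproxy` and its helpers are hypothetical names.

```python
import re

# The rules from the post (the TPROXY rule joined onto one line).
POST_RULES = """\
iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 8080
"""
# Constructed sample output of `ip rule show` and `ip route show table 100`.
SAMPLE_IP_RULES = "0:\tfrom all lookup local\n32765:\tfrom all fwmark 0x1 lookup 100\n"
SAMPLE_ROUTES = {"100": "local default dev lo scope host\n"}

def parse_mark(text):
    """Parse 'value[/mask]' (decimal or 0x hex) into (value, mask)."""
    value, _, mask = text.partition("/")
    return int(value, 0), (int(mask, 0) if mask else 0xFFFFFFFF)

def find_table(mark, ip_rules):
    """Return the table of the first policy rule whose fwmark selects `mark`."""
    for m in re.finditer(r"fwmark\s+(\S+)\s+lookup\s+(\S+)", ip_rules):
        value, mask = parse_mark(m.group(1))
        if (mark & mask) == (value & mask):
            return m.group(2)
    return None

def check_tproxy(iptables_rules, ip_rules, routes_by_table):
    """Return a list of problems; an empty list means the plumbing is consistent."""
    if "-j TPROXY" not in iptables_rules:
        return ["no TPROXY rule found"]
    problems = []
    # Marks set by both the DIVERT chain and the TPROXY target must be routed.
    found = re.findall(r"--(?:set-mark|tproxy-mark)\s+(\S+)", iptables_rules)
    marks = set()
    for text in found:
        value, mask = parse_mark(text)
        marks.add(value & mask)
    for mark in sorted(marks):
        table = find_table(mark, ip_rules)
        if table is None:
            problems.append("no 'ip rule' selects fwmark %#x" % mark)
            continue
        routes = routes_by_table.get(table, "")
        if not re.search(r"^local\s+(default|0\.0\.0\.0/0)\s+dev\s+lo\b", routes, re.M):
            problems.append("table %s has no local default route via lo" % table)
    return problems

if __name__ == "__main__":
    print(check_tproxy(POST_RULES, SAMPLE_IP_RULES, SAMPLE_ROUTES) or "OK")
```

It inspects only the kernel-side plumbing; the proxy must also set the `IP_TRANSPARENT` socket option on its listening socket, which this check cannot see.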

