doomyster at gmail.com
Thu Feb 11 11:47:54 CET 2010
I would suggest you use:
- iptables 1.4.6: I don't remember if iptables 1.4.2 needs to be patched or not
- linux 2.6.31: yes, it has built-in tproxy. You need the options
"Transparent proxying support (EXPERIMENTAL)", "TPROXY" target support
(EXPERIMENTAL) and "socket" match support (EXPERIMENTAL)

Don't use 2.6.32, something changed about rp_filters and I
couldn't make tproxy work with it. Maybe someone else knows how to

The problem was fixed in 2.6.33 (which is not yet released), but
you'll need to set a new sysctl call: sysctl

For iptables/ebtables rules, I based my configuration on this post:

2010/2/11 Alexander Dultsev <alexander.dooltsev at gmail.com>:
> hi Nicolas,
> thanks for the fast reply, and sorry about my spontaneous question - yes,
> it's about using iptables 1.4.2 with a patched Debian kernel 2.6.27-wt6
> (tproxy patch) or not patched 2.6.31 (the 2.6.31 has it in-built, am I
> So, 1) is iptables 1.4.2 + kernel 2.6.31 ok to go for tproxy functionality?
> 2) how would you make it work then?
> On Thu, Feb 11, 2010 at 9:14 AM, nicolas normand <doomyster at gmail.com>
>> I suppose you are speaking of the tproxy table. It was removed some
>> time ago (I don't remember when), now I could make tproxy work with
>> just the mangle table, and a 2.6.31 or 2.6.33 linux kernel.
>> 2010/2/11 Alexander Dultsev <alexander.dooltsev at gmail.com>:
>> > Hello,
>> > perhaps it's covered in some place here (if so, could you please point to
>> > the right direction) - is entry iptables_tproxy.ko missing under tproxy
>> > 4.x.x version (so things like 'iptables -F tproxy -L' cannot be called)? I
>> > can see, for instance, 'iptables_raw' etc, but not the above in my
>> > /lib/modules/... directory.
>> > Thanks,
>> > Alex.
>> > _______________________________________________
>> > tproxy mailing list
>> > tproxy at lists.balabit.hu
>> > https://lists.balabit.hu/mailman/listinfo/tproxy
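
As an added example (not part of the original messages): a shell check that a kernel config file enables the three options named in the reply above. The `CONFIG_*` symbols are the Kconfig names behind those menu entries; the function names and the sample config are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Kconfig symbols behind the three menu
# entries named in the reply.
TPROXY_OPTS="CONFIG_NETFILTER_TPROXY CONFIG_NETFILTER_XT_TARGET_TPROXY CONFIG_NETFILTER_XT_MATCH_SOCKET"

# Constructed sample: a config fragment with the socket match left disabled.
sample_config() {
    cat <<'EOF'
CONFIG_NETFILTER_TPROXY=m
CONFIG_NETFILTER_XT_TARGET_TPROXY=m
# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set
EOF
}

# Print y, m or off for option $2 in config file $1.
opt_state() {
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${val:-off}"
}

# Report each option; return 0 only if all are built in (y) or modules (m).
tproxy_config_check() {
    cfg=$1
    missing=0
    if [ ! -r "$cfg" ]; then
        echo "cannot read $cfg" >&2
        return 2
    fi
    for opt in $TPROXY_OPTS; do
        state=$(opt_state "$cfg" "$opt")
        echo "$opt: $state"
        if [ "$state" = off ]; then
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

# Demo on the constructed sample; on a real host pass e.g. /boot/config-$(uname -r).
demo_cfg=$(mktemp)
sample_config > "$demo_cfg"
tproxy_config_check "$demo_cfg" || echo "tproxy support incomplete in $demo_cfg"
rm -f "$demo_cfg"
```

An option reported as `off` means the matching iptables feature (the TPROXY target or the socket match) is not available on that kernel.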