[tproxy] tproxy Digest, Vol 55, Issue 4

Luiz Biazus luiz at biazus.com
Mon Jan 11 12:05:25 CET 2010


about this procedures:

 ip rule add dev eth0 fwmark 1 lookup 100
 ip rule add dev eth1 fwmark 1 lookup 100
 ip rule add dev br0 fwmark 1 lookup 100


It doesnt works


Thank you  Krisztian





2010/1/11  <tproxy-request at lists.balabit.hu>:
> Send tproxy mailing list submissions to
>        tproxy at lists.balabit.hu
>
> To subscribe or unsubscribe via the World Wide Web, visit
>        https://lists.balabit.hu/mailman/listinfo/tproxy
> or, via email, send a message with subject or body 'help' to
>        tproxy-request at lists.balabit.hu
>
> You can reach the person managing the list at
>        tproxy-owner at lists.balabit.hu
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of tproxy digest..."
>
>
> Today's Topics:
>
>   1. EADDRNOTAVAIL from connect, but only sometimes (Ron Parker)
>   2. Re: Correct kernel version with tproxy (KOVACS Krisztian)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sun, 10 Jan 2010 19:46:58 -0500
> From: Ron Parker <rparker at movik.net>
> Subject: [tproxy] EADDRNOTAVAIL from connect, but only sometimes
> To: "tproxy at lists.balabit.hu" <tproxy at lists.balabit.hu>
> Message-ID:
>        <5D6AFCAC2AD9424D816711D1AF4FE8441BDE791924 at MAILR014.mail.lan>
> Content-Type: text/plain; charset="us-ascii"
>
> Hi,
>
> We are using the tproxy patch for Linux 2.6.24 (Ubuntu 8.0.4).   When placing outgoing connections, we use the original socket address (4-tuple)  in the bind and set SO_REUSEADDR on the socket.   The sequence we are having difficulty with is:
>
>
> *         Client connects to transparent proxy
>
> *         Transparent proxy connects to remote server
>
> *         Normal data transfer...
>
> *         Remote server closes the connection (but client connection is maintained)
>
> *         Transparent proxy attempts to connect again to remote server using the original 4-tuple (again)
>
> o   Bind succeeds
>
> o   Connect fails with EADDRNOTAVAIL
>
> The original socket is probably in TIME_WAIT at this point.   I thought the SO_REUSEADDR would take care of the problem.  What am I missing here?
>
> Thanks.
>
>   Ron
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: http://lists.balabit.hu/pipermail/tproxy/attachments/20100110/131ed993/attachment.html
>
> ------------------------------
>
> Message: 2
> Date: Mon, 11 Jan 2010 09:56:14 +0100
> From: KOVACS Krisztian <hidden at balabit.hu>
> Subject: Re: [tproxy] Correct kernel version with tproxy
> To: tproxy at lists.balabit.hu
> Message-ID: <4B4AE7AE.4060601 at balabit.hu>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Hi,
>
> On 01/09/2010 07:40 PM, Alexandre Correa wrote:
>> What?s the best version of kernel for using tproxy ?
>>
>> 2.6.{28|29|30|31} ?
>>
>> seems with 2.6.32 has issues with.. true ?
>
> .31, I'd say. Yes, 2.6.32 has issues, you either need the workaround
> mentioed on this mailing list a few days ago, or wait for a -stable
> release fixing the issue (2.6.32.3 doesn't have the fix).
>
> Cheers,
> Krisztian
>
>
> ------------------------------
>
> _______________________________________________
> tproxy mailing list
> tproxy at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/tproxy
>
>
> End of tproxy Digest, Vol 55, Issue 4
> *************************************
>


More information about the tproxy mailing list