[tproxy] Configuration problems
Stelian Ionescu
sionescu at cddr.org
Thu Jan 28 16:53:57 CET 2010
Hello, I'm using kernel 2.6.29 with iptables 1.4.6 and I'm trying to
setup a minimal TPROXY. Basically, I've configured another (physical)
machine to use my computer as default gateway, then on my machine I've
enabled ip_forward and disabled rp_filter everywhere and using these
rules:
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
iptables -t mangle -A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 9999 --tproxy-mark 0x1/0x1
There are no other iptables rules, and all chains default to ACCEPT
Then, on the remote machine I try to telnet google.com 80, but the
connection can't be established. Tcpdump shows that SYN packets arrive
but then it's as if they were dropped: they aren't getting to the proxy
on port 9999.
Any ideas ?
--
Stelian Ionescu a.k.a. fe[nl]ix
Quidquid latine dictum sit, altum videtur.
http://common-lisp.net/project/iolib
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : http://lists.balabit.hu/pipermail/tproxy/attachments/20100128/c3ad66e1/attachment.pgp
More information about the tproxy
mailing list