[tproxy] Configuration problems

Stelian Ionescu sionescu at cddr.org
Thu Jan 28 16:53:57 CET 2010

Hello, I'm using kernel 2.6.29 with iptables 1.4.6 and I'm trying to
set up a minimal TPROXY. Basically, I've configured another (physical)
machine to use my computer as default gateway, then on my machine I've
enabled ip_forward and disabled rp_filter everywhere and I'm using these:

ip rule add fwmark 1 lookup 100
ip route add local dev lo table 100
iptables -t mangle -A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 9999 --tproxy-mark 0x1/0x1

There are no other iptables rules, and all chains default to ACCEPT.

Then, on the remote machine I try to telnet google.com 80, but the
connection can't be established. Tcpdump shows that SYN packets arrive
but then it's as if they were dropped: they aren't getting to the proxy
on port 9999.

Any ideas?

Stelian Ionescu a.k.a. fe[nl]ix
Quidquid latine dictum sit, altum videtur.