[tproxy] Configuration problems

KOVACS Krisztian hidden at balabit.hu
Fri Jan 29 09:45:46 CET 2010


Hi,

On 01/28/2010 04:53 PM, Stelian Ionescu wrote:
> Hello, I'm using kernel 2.6.29 with iptables 1.4.6 and I'm trying to
> set up a minimal TPROXY. Basically, I've configured another (physical)
> machine to use my computer as default gateway, then on my machine I've
> enabled ip_forward and disabled rp_filter everywhere and using these
> rules:
>
> ip rule add fwmark 1 lookup 100
> ip route add local 0.0.0.0/0 dev lo table 100
> iptables -t mangle -A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 9999 --tproxy-mark 0x1/0x1
>
> There are no other iptables rules, and all chains default to ACCEPT
>
> Then, on the remote machine I try to telnet google.com 80, but the
> connection can't be established. Tcpdump shows that SYN packets arrive
> but then it's as if they were dropped: they aren't getting to the proxy
> on port 9999.
>
> Any ideas?

Does your proxy application set the IP_TRANSPARENT socket option on the 
listener socket?

-- 
KOVACS Krisztian

