[tproxy] Configuration problems

Stelian Ionescu sionescu at cddr.org
Fri Jan 29 19:53:15 CET 2010


On Fri, 2010-01-29 at 09:45 +0100, KOVACS Krisztian wrote:
> Hi,
> 
> On 01/28/2010 04:53 PM, Stelian Ionescu wrote:
> > Hello, I'm using kernel 2.6.29 with iptables 1.4.6 and I'm trying to
> > set up a minimal TPROXY. Basically, I've configured another (physical)
> > machine to use my computer as default gateway, then on my machine I've
> > enabled ip_forward and disabled rp_filter everywhere and using these
> > rules:
> >
> > ip rule add fwmark 1 lookup 100
> > ip route add local 0.0.0.0/0 dev lo table 100
> > iptables -t mangle -A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 9999 --tproxy-mark 0x1/0x1
> >
> > There are no other iptables rules, and all chains default to ACCEPT
> >
> > Then, on the remote machine I try to telnet google.com 80, but the
> > connection can't be established. Tcpdump shows that SYN packets arrive
> > but then it's as if they were dropped: they aren't getting to the proxy
> > on port 9999.
> >
> > Any ideas?
> 
> Does your proxy application set the IP_TRANSPARENT socket option on the 
> listener socket?

Oops, sorry for the noise. I had forgotten just that.

-- 
Stelian Ionescu a.k.a. fe[nl]ix
Quidquid latine dictum sit, altum videtur.
http://common-lisp.net/project/iolib
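
The fix identified in the reply above, as an added example that is not part of the original thread: a listener for the rule's `--on-port 9999` that sets `IP_TRANSPARENT` before `bind()` and reads it back with `getsockopt()`. The function names are hypothetical; setting the option needs CAP_NET_ADMIN (or root), so an unprivileged run returns `-EPERM`.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef IP_TRANSPARENT
#define IP_TRANSPARENT 19 /* value from linux/in.h, for older libc headers */
#endif

/* Returns 1 if IP_TRANSPARENT is set on fd, 0 if not, -errno on error. */
int is_transparent(int fd)
{
    int val = 0;
    socklen_t len = sizeof val;
    if (getsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &val, &len) < 0)
        return -errno;
    return val != 0;
}

/* Returns a listening fd with IP_TRANSPARENT set, or -errno (-EPERM: no privilege). */
int tproxy_listener(unsigned short port)
{
    int one = 1, fd = socket(AF_INET, SOCK_STREAM, 0);
    /* sin_addr is left zeroed, which is INADDR_ANY */
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(port) };
    if (fd < 0) return -errno;
    /* Set IP_TRANSPARENT before bind(); this is the step the thread's proxy lacked. */
    if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one) < 0 ||
        setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &one, sizeof one) < 0 ||
        bind(fd, (struct sockaddr *)&a, sizeof a) < 0 || listen(fd, 128) < 0) {
        int err = errno;
        close(fd);
        return -err;
    }
    return fd;
}

int main(void)
{
    int fd = tproxy_listener(9999); /* port from the page's --on-port */
    if (fd < 0) {
        fprintf(stderr, "listener: %s\n", strerror(-fd));
        return 1;
    }
    printf("listening on 9999, IP_TRANSPARENT=%d\n", is_transparent(fd));
    return close(fd);
}
```

Calling `is_transparent()` on the proxy's existing listener descriptor is a quick way to confirm whether the option was actually applied.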