[tproxy] Sample/test code

文剑 wenjianhn at gmail.com
Mon May 2 13:42:33 CEST 2011

*I want to write a full transparency proxy too.

Squid and haproxy are so complicated that i can't quickly understand how
tproxy works.
And I am new to iptables.
If there is a sample peace of code which is simple, I think it would be

I wrote some code which failed at initiating connections with a foreign
address as a source.
The reason is timeout while attempting connection.
Where am I wrong?


My code:

#define NON_LOCAL_IP ""
#define NON_LOCAL_PORT 2000

int sockfd = socket(AF_INET, SOCK_STREAM, 0);

memset (&non_local_addr, 0, sizeof(non_local_addr));
non_local_addr.sin_family = AF_INET;
dst_addr.sin_addr.s_addr = inet_addr(NON_LOCAL_IP);
inet_pton(AF_INET, NON_LOCAL_IP, &non_local_addr.sin_addr);
non_local_addr.sin_port = htons(NON_LOCAL_PORT);

setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &optvalue, sizeof(optvalue));
setsockopt(sockfd, SOL_IP, IP_TRANSPARENT, &optvalue, sizeof(optvalue));
bind(sockfd, (struct sockaddr *)&non_local_addr, sizeof(non_local_addr));

memset(&dst_addr, 0, sizeof(dst_addr));
dst_addr.sin_family = AF_INET;
dst_addr.sin_addr.s_addr = inet_addr("");
dst_addr.sin_port = htons(80);

connect(sockfd, (struct sockaddr *) &dst_addr, sizeof(dst_addr));  //
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/tproxy/attachments/20110502/12439f81/attachment.htm 

More information about the tproxy mailing list