[tproxy] Sample/test code

文剑 wenjianhn at gmail.com
Sun May 8 08:39:18 CEST 2011


I added a static route.

I found the reason.
One of my tp-link device has a bug  which quietly ignored my static route
configuration.



2011/5/4 Balazs Scheidler <bazsi at balabit.hu>

> On Mon, 2011-05-02 at 19:42 +0800, 文剑 wrote:
> > Hi,
> >
> > I want to write a full transparency proxy too.
> >
> > Squid and haproxy are so complicated that i can't quickly understand
> > how tproxy works.
> > And I am new to iptables.
> > If there is a sample peace of code which is simple, I think it would
> > be helpful.
> >
> > I wrote some code which failed at initiating connections with a
> > foreign address as a source.
> > The reason is timeout while attempting connection.
> > Where am I wrong?
> >
> > Thanks.
> >
> >
> > My code:
> >
> > #define NON_LOCAL_IP "192.168.111.23"
> > #define NON_LOCAL_PORT 2000
> >
> > int sockfd = socket(AF_INET, SOCK_STREAM, 0);
> >
> > memset (&non_local_addr, 0, sizeof(non_local_addr));
> > non_local_addr.sin_family = AF_INET;
> > dst_addr.sin_addr.s_addr = inet_addr(NON_LOCAL_IP);
> > inet_pton(AF_INET, NON_LOCAL_IP, &non_local_addr.sin_addr);
> > non_local_addr.sin_port = htons(NON_LOCAL_PORT);
> >
> > setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &optvalue,
> > sizeof(optvalue));
> > setsockopt(sockfd, SOL_IP, IP_TRANSPARENT, &optvalue,
> > sizeof(optvalue));
> > bind(sockfd, (struct sockaddr *)&non_local_addr,
> > sizeof(non_local_addr));
> >
> > memset(&dst_addr, 0, sizeof(dst_addr));
> > dst_addr.sin_family = AF_INET;
> > dst_addr.sin_addr.s_addr = inet_addr("192.168.1.1");
> > dst_addr.sin_port = htons(80);
> >
> > connect(sockfd, (struct sockaddr *) &dst_addr, sizeof(dst_addr));  //
> > ETIMEOUT
>
> are you sure the reverse direction is routed back through your box? that
> is needed for tproxy to pick up packets.
>
> e.g. the server should route client destined packets using your box as a
> gateway.
>
> --
> Bazsi
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/tproxy/attachments/20110508/0f50b562/attachment.htm 


More information about the tproxy mailing list