[tproxy] tproxy and IPv6
Ramin Dousti
dousti at gmail.com
Tue Apr 10 16:27:56 CEST 2012
I have used this concept with success for a UDP-based application:
# IPv6
ip6tables -t mangle -A PREROUTING -i eth0 -p udp --dport 4342 -j
TPROXY --tproxy-mark 0x2/0x3 --on-port 4342
ip -6 rule add fwmark 2 lookup 6
ip -6 route add local ::/0 dev eth0 table 6
I didn't go through your rules thoroughly but in your "ip route"
instruction, wouldn't you need to specify the dev as eth0?
Ramin
On Tue, Apr 10, 2012 at 9:32 AM, WG <tproxy at wim.email.be> wrote:
> Hi,
>
> I'm trying to redirect all IPv6 traffic entering eth0 on port 80 to a
> locally running proxy server.
> But for some reason, the remote client gets only a connection timeout. I
> do see traffic entering eth0 to port 80, but nothing happens.
>
> This is what I did :
> ip -f inet6 rule add fwmark 1 lookup 100
> ip -f inet6 route add local ::/0 dev lo table 100
> ip6tables -t mangle -N DIVERT
> ip6tables -t mangle -A PREROUTING -p tcpo -m socket -j DIVERT
> ip6tables -t mangle -A DIVERT -j MARK --set-xmark 0x1/0xffffffff
> ip6tables -t mangle -A DIVERT -j ACCEPT
> ip6tables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY
> --tproxy-mark 0x1/0x1 --on-port 3128
>
> Any ideas why it doesn't actually connect to port 3128 ? I tried using
> --on-ip as well, but no difference.
>
> Thanks for any help !
>
> Wim
>
>
> _______________________________________________
> tproxy mailing list
> tproxy at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/tproxy
--
Ramin
More information about the tproxy
mailing list