[tproxy] tproxy and IPv6
KOVACS Krisztian
hidden at sch.bme.hu
Tue Apr 10 22:06:32 CEST 2012
Hi,
On 04/10/2012 03:32 PM, WG wrote:
> I'm trying to redirect all IPv6 traffic entering eth0 on port 80 to a
> locally running proxy server.
> But for some reason, the remote client gets only a connection timeout. I
> do see traffic entering eth0 to port 80, but nothing happens.
>
> This is what I did:
> ip -f inet6 rule add fwmark 1 lookup 100
> ip -f inet6 route add local ::/0 dev lo table 100
> ip6tables -t mangle -N DIVERT
> ip6tables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
> ip6tables -t mangle -A DIVERT -j MARK --set-xmark 0x1/0xffffffff
> ip6tables -t mangle -A DIVERT -j ACCEPT
> ip6tables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3128
>
> Any ideas why it doesn't actually connect to port 3128? I tried using
> --on-ip as well, but no difference.
Your rules look OK -- have you tried running netstat -s to see which
counters are increasing? Or maybe using the Netfilter TRACE target to
trace your packets through your iptables rules.
Also, you didn't state which version of the kernel you're trying to use.
Cheers,
Krisztian
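
The counter check suggested in the reply above, as an added example that is not part of the original message: a small helper that compares two snapshots of the Linux IPv6 counters in /proc/net/snmp6 (one "Name value" pair per line) and prints only the counters that grew. The function names and the sample snapshots are constructed for illustration; TCP counters live in other /proc files and are not covered here.

```shell
#!/bin/sh
# Added example (not from the thread): show which IPv6 counters increased
# between two snapshots taken before and after a failing connection attempt.
#
# Live use on the proxy host (paths are hypothetical):
#   cat /proc/net/snmp6 > /tmp/before
#   ... retry the client connection ...
#   cat /proc/net/snmp6 > /tmp/after
#   snmp6_delta /tmp/before /tmp/after

# snmp6_delta BEFORE AFTER
# Prints "Name +N" for every counter whose value is larger in AFTER.
snmp6_delta() {
    awk 'NR == FNR { before[$1] = $2; next }
         ($1 in before) && ($2 + 0 > before[$1] + 0) {
             printf "%s +%d\n", $1, $2 - before[$1]
         }' "$1" "$2"
}

# demo_snmp6_delta
# Runs snmp6_delta on two constructed snapshots so the helper can be
# tried offline. The values are made up; only the counter names are real.
demo_snmp6_delta() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/before" <<'EOF'
Ip6InReceives 1200
Ip6InNoRoutes 3
Ip6InDelivers 1100
Ip6InDiscards 0
EOF
    cat > "$tmp/after" <<'EOF'
Ip6InReceives 1260
Ip6InNoRoutes 63
Ip6InDelivers 1100
Ip6InDiscards 0
EOF
    snmp6_delta "$tmp/before" "$tmp/after"
    rm -rf "$tmp"
}

demo_snmp6_delta
```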