[tproxy] tproxy and IPv6

Ä╔╘╛Ñ Ä╔╘╛Ñ hi2arun at gmail.com
Mon Apr 23 06:11:21 CEST 2012


Hi -

What proxy do u use? Is IP_TRANSPARENT enabled on the socket that you
listening on?

R,
Arun

On 18 April 2012 22:48, WG <tproxy at wim.email.be> wrote:

> Hi,
>
> The strange thing is that, if I type all those commands, as soon as I
> type the last one I can't connect to the server running on port 3128
> remotely anymore, not even on the direct IP.
>
> I'm running Linux kernel 3.3.2 (previously tried with 2.6.34).
>
> Any suggestions most welcome...
>
> Kind regards,
>
> Wim
>
>
>
> KOVACS Krisztian wrote:
> > Hi,
> >
> > On 04/10/2012 03:32 PM, WG wrote:
> >> I'm trying to redirect all IPv6 traffic entering eth0 on port 80 to a
> >> locally running proxy server.
> >> But for some reason, the remote client gets only a connection timeout. I
> >> do see traffic entering eth0 to port 80, but nothing happens.
> >>
> >> This is what I did :
> >> ip -f inet6 rule add fwmark 1 lookup 100
> >> ip -f inet6 route add local ::/0 dev lo table 100
> >> ip6tables -t mangle -N DIVERT
> >> ip6tables -t mangle -A PREROUTING -p tcpo -m socket -j DIVERT
> >> ip6tables -t mangle -A DIVERT -j MARK --set-xmark 0x1/0xffffffff
> >> ip6tables -t mangle -A DIVERT -j ACCEPT
> >> ip6tables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY
> >> --tproxy-mark 0x1/0x1 --on-port 3128
> >>
> >> Any ideas why it doesn't actually connect to port 3128 ? I tried using
> >> --on-ip as well, but no difference.
> >
> > Your rules look OK -- have you tried running netstat -s and see which
> > counters are increasing? Or maybe using the Netfilter TRACE target to
> > trace your packets through your iptables rules.
> >
> > Also, you didn't state which version of the kernel you're trying to use.
> >
> > Cheers,
> > Krisztian
> >
> > .
> >
> _______________________________________________
> tproxy mailing list
> tproxy at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/tproxy
>



-- 
Regards,
Arun S.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/tproxy/attachments/20120423/1d2f6e30/attachment.htm 


More information about the tproxy mailing list