[tproxy] I'm having a little trouble binding a tproxy and I might do something wrong.

Eliezer Croitoru eliezer at ngtech.co.il
Thu Dec 20 18:54:45 CET 2012


Hello,

I am writing a small proxy, and while trying to use tproxy I am running into a 
problem, and I am not sure I am doing it right.

The server accepts the connection and identifies the two ends.
But when I try to connect using the client IP and port I am getting the 
error "Connection timed out - connect(2)",
while in netstat I am getting two sockets:
tcp        0      1 192.168.10.100:51573    81.218.79.155:80        SYN_SENT
tcp      287      0 81.218.79.155:80        192.168.10.100:51573    ESTABLISHED

The upper one is the server "connect", which seems to be stuck like that 
with no response.

This problem occurs only when I try to bind the same IP and port as the 
client.
When I use another random port as the src port for the forged connection I can 
connect and everything is fine.

I might be doing something wrong, but I have no clue.

I am using Ruby, and this is the basic code:
#!/usr/bin/ruby
require 'socket'

server = Socket.new(Socket::AF_INET,Socket::SOCK_STREAM)
server.setsockopt(Socket::SOL_SOCKET, Socket::SO_REUSEADDR, true)
server.setsockopt(Socket::SOL_SOCKET, Socket::SO_BROADCAST, true)
# 19 is IP_TRANSPARENT on Linux
server.setsockopt(Socket::SOL_IP, 19, 1)
server_port = Socket.pack_sockaddr_in( 1111, '0.0.0.0')

result = server.bind(server_port)
server.listen(10)
puts "server started with code: #{result}"

# accept returns [socket, Addrinfo of the client]
while (connection = server.accept)
   Thread.new(connection) do |conn|

     puts "new connection"
     port, host = Socket.unpack_sockaddr_in conn[1]
     client = "#{host}:#{port}"
     puts "#{client} is connected"

     # Each array is [port, host, ipv4?]
     local_address = (Socket.unpack_sockaddr_in conn[0].local_address) + [conn[0].local_address.ipv4?]
     remote_address = (Socket.unpack_sockaddr_in conn[0].remote_address) + [conn[0].remote_address.ipv4?]

     puts "local_address: #{local_address}"
     puts "remote_address: #{remote_address}"

     fake_local = Socket.pack_sockaddr_in(0,remote_address[1])

     # Bind the outgoing socket to the client's own IP and port
     if local_address[2]
       remote_connection = Socket.new(Socket::AF_INET,Socket::SOCK_STREAM,0)
       remote_connection.setsockopt(Socket::SOL_IP, Socket::IP_TRANSPARENT, 1)
       result = remote_connection.bind(conn[0].remote_address)
       puts "Bind result: #{result}"
     else
       remote_connection = Socket.new(Socket::AF_INET6,Socket::SOCK_STREAM,0)
       remote_connection.setsockopt(Socket::SOL_IP, Socket::IP_TRANSPARENT, 1)
       result = remote_connection.bind(conn[0].remote_address)
       puts "Bind result: #{result}"
     end
     # Connect to the local address of the accepted socket
     begin
       puts "Server Connect result: #{remote_connection.connect(conn[0].local_address)}"
     rescue => e
      puts e.exception
      puts e.message

     end
   end
end
##end of file


The output from the server is:
server started with code: 0
new connection
192.168.10.100:51573 is connected
local_address: [80, "81.218.79.155", true]
remote_address: [51573, "192.168.10.100", true]
Bind result: 0
Connection timed out - connect(2)
Connection timed out - connect(2)


Thanks,
Eliezer

