[tproxy] TPROXY on ubuntu not working.

Firas Rasmy firasrasmy at yahoo.com
Mon Aug 26 23:36:19 CEST 2013



Hello Yash,


________________________________
 From: yash cp <yashavanth.hsn at gmail.com>
To: tproxy at lists.balabit.hu 
Sent: Tuesday, August 27, 2013 12:01 AM
Subject: [tproxy] TPROXY on ubuntu not working.
 


>Hello Team,

>I am trying to configure and use TPROXY as given in the link: http://wiki.squid-cache.org/Features/Tproxy4

>My setup includes: an Ubuntu machine with one network card, but two IP addresses (one of which is virtual or an alias)

>Real IP: 192.168.150.10 -- (interface to the internet)

What do you mean by "Real"?

>Virtual IP : 192.168.22.5 -- ( interface to the subnet 192.168.22.0/24)

By (Interface to the Internet), I suppose you mean that this private IP address will be NATed at another network device after the TPROXY. How about subnet 192.168.22.0/24? Is it NATed? Why are you using two IP addresses on the TPROXY?

>Both the IPs have the same MAC address.


>When the client (192.168.22.10) sends a connection request, it's forwarded to the other port 50001 (checked with the logs).

>But the proxy is not responding with SYN-ACK, as a result the connection is not established.


The TPROXY will spoof the IP addresses of clients on the 192.168.22.0/24 subnet and I think (but I'm not sure) that TPROXY would send SYN-ACK to the original client only after it receives SYN-ACK from the web server. Since this subnet is private, requests will not reach the web server unless you're doing NAT somewhere after the TPROXY. Please note that even if you're doing NAT, you must make sure that replies return to the TPROXY rather than the original client.


>I don't know about the internals of the TPROXY. Does it work by matching using IP address and port, or with MAC address?

I could not get your question here!

>Is TPROXY not supported in this scenario?
If you take care of the things I pointed out above, then it is, but I don't think you would need two IP addresses on the TPROXY. I recommend using WCCP though.

>Best Regards,
>Yash


Best regards,
Firas