[tproxy] TPROXY on ubuntu not working.

yash cp yashavanth.hsn at gmail.com
Tue Aug 27 08:05:15 CEST 2013


Hello Firas,

Thanks for your quick reply.

1. What do you mean by "Real"?
    Even though it's a private IP address, it uses DHCP for getting the IP
address. (It's not static or aliased.) I am able to access the Internet from
the proxy machine.

2. By (Interface to the Internet), I suppose you mean that this private IP
address will be NATed at another network device after the TPROXY. How about
subnet 192.168.22.0/24? Is it NATed ? Why are you using two IP addresses on
the TPROXY?

Yes, it's NATed after TPROXY. 192.168.22.0/24 is not NATed.
I am using two IP addresses, because I want to create a local network
behind 192.168.150.10 machine. I suppose, without two IP addresses I cannot
create a subnet. Please correct me if I am wrong.

3. The TPROXY will spoof the IP addresses of clients on 192.168.22.0/24
subnet and I think (but I'm not sure) that TPROXY would send SYN-ACK to the
original client, only after it receives SYN-ACK from the web server. Since
this subnet is private, requests will not reach the web server unless
you're doing NAT somewhere after the TPROXY. Please note that even if
you're doing NAT, you must make sure that replies return back to the TPROXY
rather than the original client.

Well, I checked with my setup. After the SYN packet from the client is
received, the TPROXY machine never responds to the original client and never
even tries to send the SYN packet to the web server.
Without using TPROXY, my setup with iptables REDIRECT works fine.

4. I don't know about the internals of the TPROXY. Does it work with
matching using IP address and port or with MAC address?
I could not get your question here!

What I meant here is, how does the TPROXY match the packets? Since I am
using the same MAC address for both the IPs, will that be a problem?


Best Regards,
Yash