[zorp] tproxy problem
Tito Flagella
zorp@lists.balabit.hu
Wed, 05 Mar 2003 10:14:27 +0100
We are experiencing some problems using:
- cttproxy, version cttproxy-2.4.18-10, applied without any apparent
problem on a Linux 2.4.9-e.10 kernel, derived from the Redhat "Advanced
Server" kernel.
- zorp 2
We use a UDP Plug proxy, defined as follows:
def udp():
    # Service "udp" handled by the transparent PlugProxy
    Service("udp", PlugProxy)
    # Listen on port 20001 of each internal interface and dispatch to "udp"
    Receiver(SockAddrInet("10.0.0.191", 20001), "udp")
    Receiver(SockAddrInet("192.168.1.1", 20001), "udp")
    Receiver(SockAddrInet("192.168.7.1", 20001), "udp")
and used through iptables rules, like:
[root@pif root]# iptables --list -t tproxy
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
TPROXY udp -- dmz.sede-pisa.link.it gondor.sede-pisa.link.it udp
spts:1024:65535 dpt:domain TPROXY redirect 0.0.0.0:20001
TPROXY udp -- dmz.sede-pisa.link.it gondor.sede-pisa.link.it udp
spt:domain dpt:domain TPROXY redirect 0.0.0.0:20001
...
With tcpdump, we observe that DNS queries coming from the internal
networks (both from a DNS server on port 53 and from DNS clients
on non-privileged ports) are sometimes redirected to port 20001,
sometimes not. Obviously, when not redirected, zorp is not activated and
the query doesn't work.
Do you have any idea what's wrong in our environment?
Thanks a lot,
tito.