[zorp] Why client can see ip address of dummy interface

A Johns andrew.johns at gmail.com
Tue Jul 10 08:56:46 CEST 2007


Hi ZhouLi,

See below

On 7/9/07, Zhou Li <zhou.li at ca-jc.com> wrote:
>
> I tested Zorp 3.0.14b + 2.0.6 cttproxy for kernel 2.6.17 and it works fine
> for me, but I found that the client can see the IP address of the dummy
> interface, which I can't understand.
>
> client(192.168.88.166) <--> zorp(dummy ip 172.16.44.10) <--> server(192.168.88.10)
>
> # iptables -t tproxy -I PREROUTING -p tcp --dport 80 -j TPROXY --on-ip 172.16.44.10 --on-port 60080
>
> instances.conf:
> http -T -v 1 -s core.error:0 -p /usr/local/etc/zorp/http.py -B 172.16.44.10
>
> http.py:
> .
> .
> .
> def zorp():
>   Service("http", MyHttp, router=TransparentRouter(forge_addr=TRUE, forge_port=Z_PORT_EXACT))
>   Listener(SockAddrInet("172.16.44.10", 60080), "http", transparent=TRUE, mark_tproxy=TRUE)
>
> When I make a new HTTP request from the client to the server, tcpdump
> displays the information below:
>
> tcpdump on client
> # tcpdump | grep 172.16.44.10
> 16:10:57.975579 802.1Q vlan#3 P0 172.16.44.10.60080 > 192.168.88.166.2883:
> P 0:32(32) ack 1 win 11680 (DF)
> 16:10:57.975611 172.16.44.10.60080 > 192.168.88.166.2883: P 0:32(32) ack 1
> win 11680 (DF)
> 16:10:57.975831 192.168.88.166.2883 > 172.16.44.10.60080: R
> 3812615646:3812615646(0) win 0
> 16:10:57.975860 802.1Q vlan#3 P0 192.168.88.166.2883 > 172.16.44.10.60080:
> R 3812615646:38126156
>
> tcpdump on server
>  # tcpdump | grep 172.16.44.10
> 16:10:57.538207 arp who-has 192.168.88.10 tell 172.16.44.10
>
> My question is: how can I prevent the client from seeing the dummy IP address?
>
> ZhouLi
>


Does TProxy work in bridge mode - you appear to have the same network
address/mask on both zorp interfaces - is this correct? Or is this on a
VMWare system?


--
Regards
AJ

NetSafety - Internet Security Made Easy