lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 25 Nov 2009 17:54:30 +0900
From:	linuxpark <linuxpark@...il.com>
To:	KOVACS Krisztian <hidden@...abit.hu>
CC:	tproxy@...ts.balabit.hu, netfilter-announce@...ts.netfilter.org,
	netfilter@...ts.netfilter.org, netdev@...r.kernel.org,
	rnd@...m.net, dylee@...m.net
Subject: Re: [tproxy] [HELP] Tproxy server Can't receive any client packet

Thanks your reply ~

i succeed in tproxy function of the apache server
--
kernel 2.6.31 (vannilla kernel)
iptables 1.4.3   (no patched)
apache 2.2.9 + patches (main socket routine of the apache, mod_tproxy.c)

--



KOVACS Krisztian 쓴 글:
> Hi,
>
> On Mon, 2009-11-23 at 15:51 +0900, 박제호 wrote:
>   
>> i have a problem in my transparent proxy test,
>> i recently made up the testbed as below to run the tproxy patched
>> apache proxy [mod_proxy],
>> and i applied all iptables and routing rules with referencing the
>> readme file [http://www.balabit.com/downloads/files/tproxy/README.txt,
>> http://www.mjmwired.net/kernel/Documentation/networking/tproxy.txt]
>> the proxy server listening the port 3128 and i checked there were no problem.
>> but  when the client tried to connect the web server,
>> the packets reached to the box and i found the usage counts of filter
>> rules in the mangle table incresed
>> but my tproxy server could not receive any corresponding packet from the socket
>>
>> I want to know why my proxy server can't receive any packet through the socket,
>> Do i need some more DNAT rules ?
>>     
>
> Would you mind testing the setup with an unpatched upstream kernel, that
> has tproxy built-in? (2.6.31, for example)
>
> Also, please download the latest iptables from netfilter.org and try
> using that. (No need for patching, tproxy support is in upstream.)
>
> That would help a lot in identifying the source of the issue. Thanks in
> advance.
>
> Cheers,
> Krisztian
>
>
>   

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ