lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1259137840.9191.7.camel@nienna.balabit>
Date:	Wed, 25 Nov 2009 09:30:40 +0100
From:	KOVACS Krisztian <hidden@...abit.hu>
To:	박제호 <linuxpark@...il.com>
Cc:	tproxy@...ts.balabit.hu, netfilter-announce@...ts.netfilter.org,
	netfilter@...ts.netfilter.org, netdev@...r.kernel.org,
	rnd@...m.net, dylee@...m.net
Subject: Re: [tproxy] [HELP] Tproxy server Can't receive any client packet

Hi,

On Mon, 2009-11-23 at 15:51 +0900, 박제호 wrote:
> i have a problem in my transparent proxy test,
> i recently made up the testbed as below to run the tproxy patched
> apache proxy [mod_proxy],
> and i applied all iptables and routing rules with referencing the
> readme file [http://www.balabit.com/downloads/files/tproxy/README.txt,
> http://www.mjmwired.net/kernel/Documentation/networking/tproxy.txt]
> the proxy server listening the port 3128 and i checked there were no problem.
> but  when the client tried to connect the web server,
> the packets reached to the box and i found the usage counts of filter
> rules in the mangle table incresed
> but my tproxy server could not receive any corresponding packet from the socket
> 
> I want to know why my proxy server can't receive any packet through the socket,
> Do i need some more DNAT rules ?

Would you mind testing the setup with an unpatched upstream kernel, that
has tproxy built-in? (2.6.31, for example)

Also, please download the latest iptables from netfilter.org and try
using that. (No need for patching, tproxy support is in upstream.)

That would help a lot in identifying the source of the issue. Thanks in
advance.

Cheers,
Krisztian

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ