NAT with REDIRECT fuck up...

NAT with REDIRECT fuck up...

[Lennart A. Hansen]

[-- Attachment #1: Type: text/plain, Size: 643 bytes --]

Hey ppl..

I have of cause searched before posting, but havent found anything 
simmilar..

Short story is that i want to redirect proxy request to host1:9001 to 
host2:3128, host2 is a bridge i'm on eth1 and host1 is on eth0

My intenstion is to catch all request to host1:9001 and redirect them to 
host2:3128.

iptables command:
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 8080 -j REDIRECT 
--to-port 3128

This worked at first, but stopped working just like that..

I have sniffed on it, and attached it here.. 12kb Ethercap format

It looks really fucked up, check sum error and so on...

Anyone have any idea why it's fucking up?

[-- Attachment #2: sniffed --]
[-- Type: application/octet-stream, Size: 11762 bytes --]

Re: NAT with REDIRECT #$%@ up...

[Jason Opperisano]

On Mon, 2005-01-31 at 07:14, Lennart A. Hansen wrote:
> Hey ppl..
> 
> I have of cause searched before posting, but havent found anything 
> simmilar..
> 
> Short story is that i want to redirect proxy request to host1:9001 to 
> host2:3128, host2 is a bridge i'm on eth1 and host1 is on eth0
> 
> My intenstion is to catch all request to host1:9001 and redirect them to 
> host2:3128.
> 
> iptables command:
> iptables -t nat -A PREROUTING -i br0 -p tcp --dport 8080 -j REDIRECT 
> --to-port 3128
> 
> This worked at first, but stopped working just like that..
> 
> I have sniffed on it, and attached it here.. 12kb Ethercap format
> 
> It looks really fucked up, check sum error and so on...
> 
> Anyone have any idea why it's fucking up?

according to packet 6 in your capture, your proxy requires
authentication.  you cannot combine authentication and transparent
proxying; which will makes perfect sense if you think about it long
enough.

as far as the checksum errors go--do you have an IP bound to br0?

-j

PS - amongst my friends i have a mouth like a sailor, but i don't see
how it's appropriate to set a subject line as you did, no matter how
frustrated you may be.

--
"I've added an extra ingredient just for you.  The merciless peppers
 of Quetzlzacatenango!  Grown deep in the jungle primeval by the
 inmates of a Guatemalan insane asylum."
	--The Simpsons

Re: NAT with REDIRECT #$%@ up...

[Lennart A. Hansen]

Jason Opperisano wrote:

> according to packet 6 in your capture, your proxy requires
> authentication.  you cannot combine authentication and transparent
> proxying; which will makes perfect sense if you think about it long
> enough.
>
> as far as the checksum errors go--do you have an IP bound to br0?
>

No its far more stupid then that, in a tired nightly hour I did set 
netmask 255.255.255.0 on br0 where it should be 255.0.0.0, when my 
client tryes to reach the proxy
 at port 3128 i HAS to go througt my gateway since it the only way thay 
can reach each other. Strangely enough thay can.

Natually it will generate errors when the bridge tryed to trick the 
client posing af the gateway.

Thanks anyway.

> PS - amongst my friends i have a mouth like a sailor, but i don't see
> how it's appropriate to set a subject line as you did, no matter how
> frustrated you may be.
>
Sorry about that, no fence meant by it...

I'am very happy with IPTables and respect those how contributed to it. 
Thanks guys.

-Lennart