From: linuxpark <linuxpark@gmail.com>
To: KOVACS Krisztian <hidden@balabit.hu>
Cc: tproxy@lists.balabit.hu, netfilter-announce@lists.netfilter.org,
netfilter@lists.netfilter.org, netdev@vger.kernel.org,
rnd@elim.net, dylee@elim.net
Subject: Re: [tproxy] [HELP] Tproxy server Can't receive any client packet
Date: Wed, 25 Nov 2009 17:54:30 +0900 [thread overview]
Message-ID: <4B0CF0C6.8040808@gmail.com> (raw)
In-Reply-To: <1259137840.9191.7.camel@nienna.balabit>
Thanks your reply ~
i succeed in tproxy function of the apache server
--
kernel 2.6.31 (vannilla kernel)
iptables 1.4.3 (no patched)
apache 2.2.9 + patches (main socket routine of the apache, mod_tproxy.c)
--
KOVACS Krisztian 쓴 글:
> Hi,
>
> On Mon, 2009-11-23 at 15:51 +0900, 박제호 wrote:
>
>> i have a problem in my transparent proxy test,
>> i recently made up the testbed as below to run the tproxy patched
>> apache proxy [mod_proxy],
>> and i applied all iptables and routing rules with referencing the
>> readme file [http://www.balabit.com/downloads/files/tproxy/README.txt,
>> http://www.mjmwired.net/kernel/Documentation/networking/tproxy.txt]
>> the proxy server listening the port 3128 and i checked there were no problem.
>> but when the client tried to connect the web server,
>> the packets reached to the box and i found the usage counts of filter
>> rules in the mangle table incresed
>> but my tproxy server could not receive any corresponding packet from the socket
>>
>> I want to know why my proxy server can't receive any packet through the socket,
>> Do i need some more DNAT rules ?
>>
>
> Would you mind testing the setup with an unpatched upstream kernel, that
> has tproxy built-in? (2.6.31, for example)
>
> Also, please download the latest iptables from netfilter.org and try
> using that. (No need for patching, tproxy support is in upstream.)
>
> That would help a lot in identifying the source of the issue. Thanks in
> advance.
>
> Cheers,
> Krisztian
>
>
>
next prev parent reply other threads:[~2009-11-25 8:54 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-11-23 6:51 [HELP] Tproxy server Can't receive any client packet 박제호
2009-11-25 8:30 ` [tproxy] " KOVACS Krisztian
2009-11-25 8:54 ` linuxpark [this message]
2009-12-02 5:33 ` linuxpark
2009-12-02 5:45 ` linuxpark
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4B0CF0C6.8040808@gmail.com \
--to=linuxpark@gmail.com \
--cc=dylee@elim.net \
--cc=hidden@balabit.hu \
--cc=netdev@vger.kernel.org \
--cc=netfilter-announce@lists.netfilter.org \
--cc=netfilter@lists.netfilter.org \
--cc=rnd@elim.net \
--cc=tproxy@lists.balabit.hu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.