Re: ip6tables REDIRECT support

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Eliezer Croitoru <eliezer@ngtech.co.il>
To: "Steve (Telsat Broadband)" <steve@telsatbb.vu>
Cc: 'Joao Pereira' <joaopapereira@gmail.com>, netfilter@vger.kernel.org
Subject: Re: ip6tables REDIRECT support
Date: Sat, 29 Sep 2012 04:31:59 +0200	[thread overview]
Message-ID: <50665D9F.3080602@ngtech.co.il> (raw)
In-Reply-To: <075301cd9db7$0f0e8c00$2d2ba400$@telsatbb.vu>

On 9/28/2012 10:22 PM, Steve (Telsat Broadband) wrote:
> Hi Eliezer,
>
> We use our own custom server.  The server listens for connections on all
> ports for both TCP & UDP and forwards any unauthenticated connections to two
> separate services running on the same machine.  The problem with TPROXY was
> that despite it being configured exactly as we've configured it in the past
> when we used a squid proxy, the data packets never hit the services on the
> server which were supposed to handle them.
>
So I ask, Why if it worked with squid it's not working with your server?
the only answer I can think of is that you didn't used the right 
configurations on the server to work with tproxy.
it requires special socket options that are not similar to any regular ones.

Works for me with tproxy and does what I need.

Eliezer
> The redirect target worked perfectly for this situation, simply capturing
> any packets on dport 1-65535 and redirecting it to port xxx on the same
> machine.  Simply shifting port X to port Y without any other modifications.
>
> Cheers.
> Steve.
>
>
> Steve Noorderbroek
> C.T.O.
> Telsat Broadband Limited
> www.telsatbb.vu
<SNIP>

     prev parent reply	other threads:[~2012-09-29  2:31 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-09-27 12:17 ip6tables REDIRECT support Joao Pereira
2012-09-27 17:21 ` Steve (Telsat Broadband)
2012-09-27 18:25   ` Jan Engelhardt
2012-09-28 18:17   ` Eliezer Croitoru
2012-09-28 20:22     ` Steve (Telsat Broadband)
2012-09-29  2:31       ` Eliezer Croitoru [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=50665D9F.3080602@ngtech.co.il \
    --to=eliezer@ngtech.co.il \
    --cc=joaopapereira@gmail.com \
    --cc=netfilter@vger.kernel.org \
    --cc=steve@telsatbb.vu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.