From: linuxpark <linuxpark@gmail.com>
To: KOVACS Krisztian <hidden@balabit.hu>
Cc: tproxy@lists.balabit.hu, netfilter-announce@lists.netfilter.org,
netfilter@lists.netfilter.org, netdev@vger.kernel.org,
rnd@elim.net, dylee@elim.net
Subject: Re: [tproxy] [HELP] Tproxy server Can't receive any client packet
Date: Wed, 25 Nov 2009 17:54:30 +0900 [thread overview]
Message-ID: <4B0CF0C6.8040808@gmail.com> (raw)
In-Reply-To: <1259137840.9191.7.camel@nienna.balabit>
Thanks your reply ~
i succeed in tproxy function of the apache server
--
kernel 2.6.31 (vannilla kernel)
iptables 1.4.3 (no patched)
apache 2.2.9 + patches (main socket routine of the apache, mod_tproxy.c)
--
KOVACS Krisztian 쓴 글:
> Hi,
>
> On Mon, 2009-11-23 at 15:51 +0900, 박제호 wrote:
>
>> i have a problem in my transparent proxy test,
>> i recently made up the testbed as below to run the tproxy patched
>> apache proxy [mod_proxy],
>> and i applied all iptables and routing rules with referencing the
>> readme file [http://www.balabit.com/downloads/files/tproxy/README.txt,
>> http://www.mjmwired.net/kernel/Documentation/networking/tproxy.txt]
>> the proxy server listening the port 3128 and i checked there were no problem.
>> but when the client tried to connect the web server,
>> the packets reached to the box and i found the usage counts of filter
>> rules in the mangle table incresed
>> but my tproxy server could not receive any corresponding packet from the socket
>>
>> I want to know why my proxy server can't receive any packet through the socket,
>> Do i need some more DNAT rules ?
>>
>
> Would you mind testing the setup with an unpatched upstream kernel, that
> has tproxy built-in? (2.6.31, for example)
>
> Also, please download the latest iptables from netfilter.org and try
> using that. (No need for patching, tproxy support is in upstream.)
>
> That would help a lot in identifying the source of the issue. Thanks in
> advance.
>
> Cheers,
> Krisztian
>
>
>
next prev parent reply other threads:[~2009-11-25 8:54 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-11-23 6:51 [HELP] Tproxy server Can't receive any client packet 박제호
2009-11-25 8:30 ` [tproxy] " KOVACS Krisztian
2009-11-25 8:54 ` linuxpark [this message]
2009-12-02 5:33 ` linuxpark
2009-12-02 5:45 ` linuxpark
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4B0CF0C6.8040808@gmail.com \
--to=linuxpark@gmail.com \
--cc=dylee@elim.net \
--cc=hidden@balabit.hu \
--cc=netdev@vger.kernel.org \
--cc=netfilter-announce@lists.netfilter.org \
--cc=netfilter@lists.netfilter.org \
--cc=rnd@elim.net \
--cc=tproxy@lists.balabit.hu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).