* Netfilter injects network headers?
@ 2009-12-07 19:05 Aviad Lahav
From: Aviad Lahav @ 2009-12-07 19:05 UTC
To: netfilter
Hi all,
I'm trying to set up an SSL transparent proxy, and I've seen very
bizarre behavior on my system.
I've added two NAT rules to the PREROUTING chain, looking like this:
# iptables -L -v -t nat
Chain PREROUTING (policy ACCEPT 561 packets, 70236 bytes)
 pkts bytes target   prot opt in   out source   destination
   20  1280 REDIRECT tcp  --  ppp0 any anywhere anywhere    tcp dpt:4309 redir ports 4443
    8   512 REDIRECT tcp  --  ppp0 any anywhere anywhere    tcp dpt:https redir ports 4443
So I've got a listener on port 4443, accepting connections from both
ports 443 and 4309.
When I'm doing the first recv() in my accepting server, I get the
incoming connections to port 443 very well, BUT:
Incoming connections to port 4309 get *3 extra bytes* in the
beginning of the connection (maybe also to subsequent packets, but I
haven't had the chance to see this data yet...)
The first 3 bytes I'm getting are:
0x00 0x01 0x05
My machine is an up-to-date Ubuntu 9.10 (karmic), and the packets are
coming from a client connected through pptpd.
Does anyone have a clue?
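
Added example, not part of the original message: a small Python diagnostic for the listener on the REDIRECT target port. It peeks at the first bytes of each connection, reports the pre-REDIRECT destination via SO_ORIGINAL_DST, and measures how many bytes precede the TLS ClientHello. Function names and sample bytes are constructed for illustration; it assumes Linux, IPv4 and record-framed TLS.

```python
import socket
import struct

SO_ORIGINAL_DST = 80  # from <linux/netfilter_ipv4.h>; not exported by Python's socket module

def original_dst(conn):
    """(ip, port) the client dialled before the nat REDIRECT rule rewrote it."""
    raw = conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16)  # struct sockaddr_in
    port, addr = struct.unpack_from("!2xH4s", raw)
    return socket.inet_ntoa(addr), port

def tls_hello_offset(data):
    """Offset of the first record-framed TLS ClientHello in data, else None."""
    for i in range(max(0, len(data) - 5)):
        if (data[i] == 0x16 and data[i + 1] == 0x03 and data[i + 2] <= 0x04
                and int.from_bytes(data[i + 3:i + 5], "big") <= 0x4000
                and data[i + 5] == 0x01):  # handshake record, type ClientHello
            return i
    return None

def describe(data):
    """Summarise a first recv(): where the hello starts and what precedes it."""
    off = tls_hello_offset(data)
    prefix = data[:off] if off is not None else data[:8]
    return {"hello_offset": off, "leading_bytes": prefix.hex(" ")}

def serve(port=4443):
    """Listen on the REDIRECT target port; MSG_PEEK leaves the stream intact."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("0.0.0.0", port))
    srv.listen(16)
    while True:
        conn, peer = srv.accept()
        with conn:
            first = conn.recv(64, socket.MSG_PEEK)
            print(peer, "->", original_dst(conn), describe(first))

# Constructed sample: start of a TLS 1.0 ClientHello record, and the same
# bytes behind the three-byte prefix reported in the message above.
SAMPLE_HELLO = bytes.fromhex("16 03 01 00 2f 01 00 00 2b 03 01")
SAMPLE_PREFIXED = bytes([0x00, 0x01, 0x05]) + SAMPLE_HELLO

if __name__ == "__main__":
    serve()
```

Comparing the output for connections whose original port was 443 against those for 4309 shows whether the leading bytes arrive only on one port, which separates what the client sends from what the NAT rule does.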