'Re: [tproxy] libipt_TPROXY.so not compiled'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       tproxy
Subject:    Re: [tproxy] libipt_TPROXY.so not compiled
From:       Laszlo Attila Toth <panther () balabit ! hu>
Date:       2007-08-28 8:32:06
Message-ID: 46D3DD86.5000401 () balabit ! hu
[Download RAW message or body]

Hello,

I forgot to set address family in libxt_tproxy.c (match), but
libxt_TPROXY.c (target) works well.
Patch is attached.

You should use the target as:

iptables -t tproxy -A PREROUTING -p tcp <other options> -j TPROXY <other
parameters>
or
iptables -t tproxy -A PREROUTING -p udp <other options> -j TPROXY <other
parameters>

and
iptables -A INPUT -m tproxy -j ACCEPT

TPROXY target should  be used only in the tproxy table's PREROUTING
chain and tproxy match should be used in filter table's INPUT chain.
Also you shouldn't write  ... -m tproxy ... -j TPROXY



Lachlan Bowes írta:
> Have any of you seen this before?
>
> I followed instructions in README, but to no avail.
>
> Apologies if this is obvious but I am from a FreeBSD background, linux
> is not my normal OS so environment is foreign to me.
>
> Regards,
>     Lachlan
>
> root@syd-log01:/root/tproxy-4.0.1-2.6.22# uname -a
> Linux syd-log01 2.6.22.3 #1 SMP Tue Aug 28 21:54:20 EST 2007 i686 GNU/Linux
> root@syd-log01:/root/tproxy-4.0.1-2.6.22#
>
>
> root@syd-log01:/root/tproxy-4.0.1-2.6.22# iptables -t tproxy -A
> PREROUTING -j TPROXY --on-port 3128
> iptables v1.3.8: Unknown arg `--on-port'
> Try `iptables -h' or 'iptables --help' for more information.
> root@syd-log01:/root/tproxy-4.0.1-2.6.22# iptables -t tproxy -A
> PREROUTING -j TPROXY
> iptables v1.3.8: Couldn't load target
> `TPROXY':/usr/local/lib/iptables/libipt_TPROXY.so: cannot open shared
> object file: No such file or directory
>
> Try `iptables -h' or 'iptables --help' for more information.
> root@syd-log01:/root/tproxy-4.0.1-2.6.22# lsmod  | grep iptable
> iptable_filter          3104  0
> iptable_tproxy          6468  0
> ip_tables              12420  2 iptable_filter,iptable_tproxy
> root@syd-log01:/root/tproxy-4.0.1-2.6.22#
>   

--
Panther

["libxt_tproxy.diff" (text/x-patch)]

--- libxt_tproxy.c.old	2007-08-10 15:02:14.000000000 +0200
+++ libxt_tproxy.c	2007-08-28 10:23:34.000000000 +0200
@@ -60,6 +60,22 @@
 
 static struct xtables_match tproxy = {
 	.name          = "tproxy",
+	.family	       = AF_INET,
+	.version       = IPTABLES_VERSION,
+	.size          = 0, 
+	.userspacesize = 0, 
+	.help          = help,
+	.init          = init,
+	.parse         = parse,
+	.final_check   = final_check,
+	.print         = print,
+	.save          = save,
+	.extra_opts    = opts,
+};
+
+static struct xtables_match tproxy6 = {
+	.name          = "tproxy",
+	.family	       = AF_INET6,
 	.version       = IPTABLES_VERSION,
 	.size          = 0, 
 	.userspacesize = 0, 
@@ -75,4 +91,5 @@
 void _init(void)
 {
 	xtables_register_match(&tproxy);
+	xtables_register_match(&tproxy6);
 }


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic