Hi There
I want to sincerely apologise first for this post because it has a LINUX reference...
In fact I'm using a Linux base for this test, but I came here for 3 reasons:
1 - I want to see how the tproxy patch works, to port it to my software
2 - I will port my software natively to BSD
3 - I never saw in my whole life a forum more cooperative
Facts:
I have this test platform:
ubuntu 9.04
kernel 2.6.32
iptables 1.4.6
squid 3.1 running on port 8012
iface ETH0 with no IP configured (connected to a gw IP 189.10.205.1)
iface ETH1 with no IP configured (all the clients are behind this interface, 189.10.205.0/24)
br0 with IP address 189.10.205.3, with interfaces ETH0 and ETH1 associated
Code:
echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind
echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/br0/rp_filter
echo 1 > /proc/sys/net/ipv4/conf/all/forwarding
echo 1 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 1 > /proc/sys/net/ipv4/conf/eth0/send_redirects
Code:
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 8012
# (if I use DROP as the redirect target, browsing stops)
ebtables -t broute -A BROUTING -i eth1 -p ipv4 --ip-proto tcp --ip-dport 80 -j redirect --redirect-target ACCEPT
# (if I use DROP as the redirect target, browsing stops)
ebtables -t broute -A BROUTING -i eth0 -p ipv4 --ip-proto tcp --ip-sport 80 -j redirect --redirect-target ACCEPT
brctl stp br0 off
brctl setfd br0 1
brctl sethello br0 1
Code:
# set every bridge-nf-* sysctl to 0: bridged frames are no longer passed to iptables/arptables
cd /proc/sys/net/bridge/
for i in *
do
    echo 0 > $i
done
Until here all is OK; I can even bring UP all these rules that I described before, and everything seems to be OK!
BUT!
If I bring up THESE RULES:
Code:
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
I LOSE COMMUNICATION WITH MY PROXY
All my clients stop browsing (even me, because I'm behind it)... Can't I use this in my network layout?
I can't even ssh to the proxy, just ping.
I think the routes are getting crazy...
Other stuff:
Code:
lo Link encap:Loopback Local
inet end.: 127.0.0.1 Masc:255.0.0.0
endereço inet6: ::1/128 Escopo:Máquina
UP LOOPBACK RUNNING MTU:16436 Métrica:1
pacotes RX:0 erros:0 descartados:0 excesso:0 quadro:0
Pacotes TX:0 erros:0 descartados:0 excesso:0 portadora:0
colisões:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
My LO is always at ZERO BYTES...
Someone!?
If no one answers me I will understand! No problem.

Thank you
Best Rgds
Luiz Biazus
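The configuration in the post chains four mechanisms: the ebtables broute rules, the bridge-nf sysctls, the mangle DIVERT/TPROXY rules, and the fwmark policy route. The following Python model is an added teaching example, not code from the post, from Squid or from netfilter. It encodes the documented semantics of those four pieces (in the broute table `--redirect-target DROP` means "route this frame up the IP stack" and `ACCEPT` means "keep bridging it"; bridged frames reach iptables only when `bridge-nf-call-iptables` is 1; `-m socket` and `TPROXY` set the mark; `fwmark 1 lookup 100` with the local route delivers marked packets on lo) and walks the post's own rules through them for a few constructed packets. Only 189.10.205.3 and port 8012 come from the post; the client and web-server addresses, `Packet`, `Host` and the helper names are the model's own.

```python
"""Model of the bridge + TPROXY packet path from the post above.

Constructed teaching model, not code from the post, Squid or netfilter.
It encodes: ebtables broute (DROP = route the frame, ACCEPT = bridge it);
bridged frames skip iptables when bridge-nf-call-iptables is 0; mangle
PREROUTING '-m socket' and 'TPROXY --on-port 8012' set fwmark 1; and
'ip rule add fwmark 1 lookup 100' + 'ip route add local 0.0.0.0/0 dev lo
table 100' deliver marked packets locally instead of forwarding them.
Only 189.10.205.3 and port 8012 come from the post; other values are made up.
"""
from dataclasses import dataclass, field

PROXY_IP = "189.10.205.3"   # br0 address from the post
PROXY_PORT = 8012           # Squid's port from the post
TPROXY_MARK = 0x1           # --tproxy-mark 0x1/0x1 and MARK --set-mark 1
CLIENT = "189.10.205.50"    # constructed client inside the post's /24
WEB = "198.51.100.10"       # constructed web server (TEST-NET-2)


@dataclass(frozen=True)
class Packet:
    in_iface: str                # "eth1" = client side, "eth0" = gateway side
    src: str
    sport: int
    dst: str
    dport: int
    to_bridge_mac: bool = False  # frame addressed to br0's own MAC


@dataclass
class Host:
    brouting_target: str = "DROP"       # ebtables --redirect-target
    bridge_nf_call_iptables: int = 0    # the post zeroes every /proc/sys/net/bridge/* entry
    policy_route: bool = True           # fwmark 1 -> table 100 -> local via lo
    listening_ports: set = field(default_factory=lambda: {22, PROXY_PORT})
    sockets: dict = field(default_factory=dict)  # 4-tuple -> local port that owns it


def ebtables_broute(host, pkt):
    """BROUTING: 'route' hands the frame to the IP stack, 'bridge' forwards at L2."""
    if pkt.to_bridge_mac:
        return "route"          # traffic for br0 itself always enters the IP stack
    http = (pkt.in_iface == "eth1" and pkt.dport == 80) or \
           (pkt.in_iface == "eth0" and pkt.sport == 80)
    if http and host.brouting_target == "DROP":
        return "route"          # in the broute table DROP means "route this frame"
    return "bridge"             # ACCEPT (or no match) means ordinary bridging


def mangle_prerouting(host, pkt):
    """Return (fwmark, local port chosen by -m socket or TPROXY, or None)."""
    owner = host.sockets.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
    if owner is not None:                       # -p tcp -m socket -j DIVERT
        return TPROXY_MARK, owner
    if pkt.dport == 80 and PROXY_PORT in host.listening_ports:
        return TPROXY_MARK, PROXY_PORT          # --dport 80 -j TPROXY --on-port 8012
    return 0, None


def packet_path(host, pkt):
    """Where the packet ends up: 'bridged', 'forwarded' or 'local:<port>'."""
    if ebtables_broute(host, pkt) == "bridge" and not host.bridge_nf_call_iptables:
        return "bridged"                        # iptables never sees the frame
    mark, port = mangle_prerouting(host, pkt)
    if mark & TPROXY_MARK and host.policy_route:
        return f"local:{port}"                  # table 100: delivered locally via lo
    if pkt.dst == PROXY_IP:
        return f"local:{pkt.dport}"             # main table: the host's own address
    return "forwarded"                          # main table: on towards gateway/client


def scenarios():
    """Walk the post's rule variants with a few constructed packets."""
    http_syn = Packet("eth1", CLIENT, 40000, WEB, 80)
    http_reply = Packet("eth0", WEB, 80, CLIENT, 40000)
    https_syn = Packet("eth1", CLIENT, 40001, WEB, 443)
    ssh = Packet("eth1", CLIENT, 40002, PROXY_IP, 22, to_bridge_mac=True)

    brouted = Host()                                      # redirect-target DROP
    no_policy_route = Host(policy_route=False)            # ip rule / table 100 missing
    accept = Host(brouting_target="ACCEPT")               # the post's setting
    established = Host(sockets={                          # flows a local socket already owns
        (CLIENT, 40000, WEB, 80): PROXY_PORT,
        (WEB, 80, CLIENT, 40000): PROXY_PORT,
        (CLIENT, 40002, PROXY_IP, 22): 22})
    return {
        "http_syn/brouted": packet_path(brouted, http_syn),
        "http_syn/no_policy_route": packet_path(no_policy_route, http_syn),
        "http_syn/redirect_accept": packet_path(accept, http_syn),
        "http_data/established": packet_path(established, http_syn),
        "http_reply/established": packet_path(established, http_reply),
        "https_syn/brouted": packet_path(brouted, https_syn),
        "ssh_syn/brouted": packet_path(brouted, ssh),
        "ssh_data/established": packet_path(established, ssh),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:26s} -> {result}")
```

Two outcomes bear directly on the configuration shown: with `--redirect-target ACCEPT` and every bridge-nf sysctl at 0, an HTTP frame is bridged at layer 2 and iptables never sees it, so the TPROXY rule cannot fire; and when the frame is brouted but the `fwmark 1 lookup 100` rule is absent, the marked packet is forwarded by the main table instead of being delivered to port 8012. The established-flow cases show why the DIVERT chain exists (later packets of a flow, and the replies arriving on eth0 with source port 80, are matched by `-m socket` rather than by the TPROXY target) and that a marked SSH packet still lands on the local sshd, because table 100 is a local route.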