Displaying 20 results from an estimated 34 matches for "tproxy".
Did you mean:
proxy
2018 Dec 19
5
[Bug 1310] New: syntax issue with tproxy
https://bugzilla.netfilter.org/show_bug.cgi?id=1310
Bug ID: 1310
Summary: syntax issue with tproxy
Product: nftables
Version: unspecified
Hardware: All
OS: Debian GNU/Linux
Status: NEW
Severity: normal
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: arturo at debian...
2012 May 08
19
Shorewall, TPROXY, Transparent Squid and Multiples ISP
Hello,
I wonder if someone could use the TPROXY with Shorewall and
transparent Squid with using the routing rules on shorewall
(tcrules) for hosts / networks (LAN) with multiples providers (WANs)
directly from the internal network on port 80 (with TPROXY
transparent squid or REDIRECT).
On this issue, the routing rules is no...
2010 Jun 15
4
TPROXY configuration
I''m trying to get TPROXY / Squid running and I have a few questions...
I found this page:
http://www.shorewall.net/Shorewall_Squid_Usage.html#TPROXY
However, it doesn''t explain what I''m seeing in the configuration.
For the zone file, do I keep my loc and net configurations and just add
the following to...
2020 Jan 16
2
[Bug 1398] New: tproxy rule is not matched for ip6
https://bugzilla.netfilter.org/show_bug.cgi?id=1398
Bug ID: 1398
Summary: tproxy rule is not matched for ip6
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Ubuntu
Status: NEW
Severity: normal
Priority: P5
Component: kernel
Assignee: pablo at netfilter.org
Re...
2017 Aug 08
1
CentOS6, IP6tables, Routing, TPROXY (squid34 epel package)
...gle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-N DIVERT
-A DIVERT -j MARK --set-mark 1
-A DIVERT -j ACCEPT
-A PREROUTING -i br0 -p tcp -m socket -j DIVERT
-A PREROUTING -i br0 -p tcp -d 2a02:1788:2fd::b2ff:5302 --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i br0 -m tcp -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -i br0 -m tcp -p tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -i br0 -m tcp -p tcp --dport 443 -...
2013 Apr 26
0
TPROXY/IPv6: Documentation bugs?
In working through an IPv6/TPROXY issue I had, I believe I found a
documentation bug:
http://www.shorewall.net/manpages6/shorewall6-tcrules.html
In the ACTION section, for part 12. SAME:
The documentation lists:
#ACTION SOURCE DEST PROTO DEST
#...
2019 Oct 15
2
Attempting to use tproxy on Centos 8 fails with 'No such file or directory'
I was working on a haproxy transparent proxy setup that we had working
on Centos 7 (iptables), but running into issues getting tproxy working
with NFTables on Centos 8.
>From https://www.kernel.org/doc/Documentation/networking/tproxy.txt,
It should be a matter of:
# nft add table filter
# nft add chain filter divert "{ type filter hook prerouting priority -150; }"
# nft add rule filter divert meta l4proto tcp soc...
2019 Oct 15
1
Attempting to use tproxy on Centos 8 fails with 'No such file or directory'
On 10/15/19 9:16 PM, Nathan Coulson wrote:
> On 2019-10-15 12:12 p.m., Nathan Coulson wrote:
>> I was working on a haproxy transparent proxy setup that we had working
>> on Centos 7 (iptables), but running into issues getting tproxy working
>> with NFTables on Centos 8.
>>
>> From https://www.kernel.org/doc/Documentation/networking/tproxy.txt,
>>
>> It should be a matter of:
>>
>> # nft add table filter
>> # nft add chain filter divert "{ type filter hook prerouting priority...
2019 Oct 15
0
Attempting to use tproxy on Centos 8 fails with 'No such file or directory'
On 2019-10-15 12:12 p.m., Nathan Coulson wrote:
> I was working on a haproxy transparent proxy setup that we had working
> on Centos 7 (iptables), but running into issues getting tproxy working
> with NFTables on Centos 8.
>
> From https://www.kernel.org/doc/Documentation/networking/tproxy.txt,
>
> It should be a matter of:
>
> # nft add table filter
> # nft add chain filter divert "{ type filter hook prerouting priority
> -150; }"
> # nft...
2007 Mar 08
10
routing TCP to another box preserving ORIGINAL client IPs
My TCP clients connect to box A. I need to forward those connections to a
server on box B, such that the original client IPs are visible to the server
on B.
Each box has two Ethernet ports. One port on each box is connected to WAN,
and they are cross-connected in a LAN via remaining ports:
------------------- -------------------
WAN -- |eth0 Box A eth1|---LAN---|eth1 Box
2005 Jun 07
7
wrr question
Guys
All the recent discussions recently, and the knowledge of a 2.6 port,
of WRR has made me very keen on trying it. I had a look at the docs
and examples know but my mind is not in a very receptive state.
Take this simple example.
Incoming internet connection of 1mbps. Shared between up to 25 users
simultaneously.
I know that WRR can fairly distribute the traffic amongst the
currently
2015 May 15
0
OT: Avoiding redirection loops with iptables tproxy
Hi all,
I have a hard trouble with my iptables rules. I need to create a
netfilter config so that it does not redirect connections from a daemon
(like for example a squid proxy) to the original destinations.
Searching info about that, some ways to do that include to limit the
redirection rules to the incoming traffic interface, another to limit it
to a certain range of source IPs or to
2023 Jun 02
3
[Bug 1686] New: Transparent proxy support requires transport protocol match
...ote a nft script:
? cat test.nft
table inet test {
set protos {
typeof meta l4proto;
elements = { tcp, udp }
}
chain prerouting {
type filter hook prerouting priority mangle; policy accept;
meta l4proto @protos tproxy to :1088
}
}
when I pass it to nft:
? sudo nft -f ./test.nft
./test.nft:8:38-52: Error: Transparent proxy support requires
transport protocol match
meta l4proto @protos tproxy to :1088
^^^^^^^^^^^^^^^
But it will work when I use anonym...
2006 Jan 13
6
Per user bandwidth limiting ..for small ISP.using Squid
Sir,
Kindly excuse me. I am a newbie to LARTC..
I am a small ISP in rural India distributing 1 MB
link to 200 people.
I have been using rshaper by Alessandro Rubini for
shaping.
http://freshmeat.net/projects/rshaper/
My kernel is Linux version 2.4.22-1.2115.nptl( Fedora
Core 1)
Rshaper is very good in controlling incoming bandwidth
(from LAN)
I use Squid also on this Linux Box..
Right
2012 May 31
5
Shorewall + squid + multi isp
Hello all,
I''m reading the nice documentation about shorewall with multi isp. And I wonder about squid (non transparent) and shorewall
Can I use on same machine, squid with ldap ident, dansguardian, and shorewall with multi-isp (four or five) ? Perhaps there is a problem because squid mask source IP, shorewall can maintain and load balance sessions for the same source IP ?
Thanks Fred
2012 May 18
11
Shorewall 4.5.4 Beta 3
...d not found
/usr/share/shorewall/modules: line 31: ?INCLUDE: command not found
/usr/share/shorewall/modules: line 35: ?INCLUDE: command not found
/usr/share/shorewall/modules: line 39: ?INCLUDE: command not found
These messages have been eliminated.
New Features:
Beta 1:
1) The TPROXY tcrules action introduced in Shorewall 4.4.7 was
incomplete and required additional rules to be added in the ''start''
or ''started'' extension scripts.
In this release, the TPROXY implementation has been changed and an
additional DIVERT action has b...
2012 May 18
11
Shorewall 4.5.4 Beta 3
...d not found
/usr/share/shorewall/modules: line 31: ?INCLUDE: command not found
/usr/share/shorewall/modules: line 35: ?INCLUDE: command not found
/usr/share/shorewall/modules: line 39: ?INCLUDE: command not found
These messages have been eliminated.
New Features:
Beta 1:
1) The TPROXY tcrules action introduced in Shorewall 4.4.7 was
incomplete and required additional rules to be added in the ''start''
or ''started'' extension scripts.
In this release, the TPROXY implementation has been changed and an
additional DIVERT action has b...
2012 Jul 06
4
puppetdb listening on ipv6 port 8081 , not ipv4
...g
err: Could not retrieve catalog; skipping run
on the puppet server, noticed puppetdb is listening on IPv6 not ipv4, is it
normal ?
[root@puppet ~]# lsof -i:8081
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
java 1050 puppetdb 39u IPv6 820438 0t0 TCP
puppet.domain.com:tproxy (LISTEN)
tried to telnet to puppet:8081, works though.
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/ertxm14svw4J.
To post to this group, send...
2013 Jun 13
3
"Multiple Internet Connections" with four interfaces
Hi,
I was reading document http://shorewall.net/MultiISP.html#idp3634200.
Inspired by the document I was trying to establish the following changes:
* one additional interface: COMA_IF
* COM[A,B,C]_IF interfaces request IP address via DHCP
* all non-RFC 1918 destined trafic is NATed from INT_IF to COMA_IF
* all non-RFC 1918 destined trafic from GW is routed via COMB_IF by default
* non-RFC 1918
2003 Jan 24
1
OT:
For the last couple of days, I''ve been seeing a bunch of these from 8
different domains from Germany to South Korea, etc. Can anyone give me an
idea as to what may be going on?
Jan 24 09:37:18 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
SRC=xx.xxx.xxx.xxx DST=xxx.xxx.xxx.xxx LEN=44 TOS=0x00 PREC=0x00 TTL=49
ID=47415 DF PROTO=TCP SPT=53121 DPT=25 WINDOW=5840 RES=0x00 CWR