[Openswan Users]
Transparent proxy does not work with ipsec tunnel enabled
Victor Soroka
gbs at tnss.kharkov.ua
Fri Aug 20 02:45:36 CEST 2004
Hello!
I have:
INET <-> eth0 Linux (openswan) 176.17.17.1 eth1 <-untrusted network-> 176.17.17.9 Windows XP ipsec / Windows 98 SoftRemote
My trouble: the transparent proxy stops working when the ipsec tunnel is enabled.
It seems like packets are dropped after DNATing. Masquerading works perfectly with ipsec.
Firewall setup:
iptables -I PREROUTING -t nat -p tcp -s 176.17.17.0/24 -d ! 176.17.17.1 --dport 80 -j REDIRECT --to-port 3128
OR
iptables -t mangle -I PREROUTING -p 50 -d 176.17.17.1 -j MARK --set-mark 10
iptables -t nat -I PREROUTING -p tcp -m mark --mark 10 -s 176.17.17.0/24 -d ! 176.17.17.1 --dport 80 -j REDIRECT --to-port 3128
OR
iptables -t mangle -I INPUT -p 50 -d 176.17.17.1 -j MARK --set-mark 10
iptables -t nat -I PREROUTING -p tcp -m mark --mark 10 -s 176.17.17.0/24 -d ! 176.17.17.1 --dport 80 -j REDIRECT --to-port 3128
OR -j DNAT --to 176.17.17.1:3128 instead of -j REDIRECT
I see packets passing through my rules
# iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 10334 packets, 793K bytes)
pkts bytes target prot opt in out source destination
26 2560 REDIRECT tcp -- * * 176.17.17.0/24 !176.17.17.1 tcp dpt:80 redir ports 80
^^^^^^
Please help! Thanks!
Victor.
--
I World War (1914-1918)... II World War (1939-1945)... Windows (95-2000)...
Don't allow new tragedy. Live in Peace! Be happy with LiNUX!