Reply To: Direct transparent proxy traffic to a peer?


#50418

roden
Member

I tried adding this, but it does not work:

-A PREROUTING -p tcp -m iprange --src-range 192.168.200.20-192.168.200.22 -m tcp --dport 80 -j DNAT --to-destination :

I omitted the IP and port of my destination above for privacy reasons (it’s a public IP).

I tried logging for my rules and I see this (in dmesg):

LINE0 IN=ETH00 OUT= MAC=00:50:56:a8:44:23:00:50:56:a8:4a:19:08:00 SRC=192.168.200.20 DST=10.102.129.240 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=29854 DF PROTO=TCP SPT=3319 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0

I see traffic on both interfaces of my Zeroshell box:

Internal:

21:40:26.540653 192.168.200.20.3368 > 10.102.129.240.80: S 2323931432:2323931432(0) win 64240 (DF)
21:40:26.546233 arp who-has 192.168.200.20 tell 192.168.200.2
21:40:26.546448 arp reply 192.168.200.20 is-at 0:50:56:a8:4a:19
21:40:26.546456 10.102.129.240.80 > 192.168.200.20.3368: S 1489832951:1489832951(0) ack 2323931433 win 65535 (DF)
21:40:26.546662 192.168.200.20.3368 > 10.102.129.240.80: . ack 1 win 64240 (DF)
21:40:26.547071 192.168.200.20.3368 > 10.102.129.240.80: P 1:346(345) ack 1 win 64240 (DF)
21:40:26.547780 10.102.129.240.80 > 192.168.200.20.3368: . ack 346 win 65535 (DF)
21:40:26.713389 10.102.129.240.80 > 192.168.200.20.3368: . 1:1461(1460) ack 346 win 65535 (DF)
21:40:26.713491 10.102.129.240.80 > 192.168.200.20.3368: P 1461:1513(52) ack 346 win 65535 (DF)
21:40:26.713533 10.102.129.240.80 > 192.168.200.20.3368: P 1513:2646(1133) ack 346 win 65535 (DF)
21:40:26.713553 10.102.129.240.80 > 192.168.200.20.3368: P 2646:2651(5) ack 346 win 65535 (DF)
21:40:26.713651 192.168.200.20.3368 > 10.102.129.240.80: . ack 2646 win 64240 (DF)
21:40:26.890460 192.168.200.20.3368 > 10.102.129.240.80: . ack 2651 win 64235 (DF)

External:

21:41:12.184460 192.168.200.20.3368 > 10.102.129.240.80: P 2323931778:2323932123(345) ack 1489835602 win 64235 (DF)
21:41:12.185375 10.102.129.240.80 > 192.168.200.20.3368: . ack 345 win 65535 (DF)
21:41:12.354599 10.102.129.240.80 > 192.168.200.20.3368: . 1:1461(1460) ack 345 win 65535 (DF)
21:41:12.354727 10.102.129.240.80 > 192.168.200.20.3368: P 1461:1513(52) ack 345 win 65535 (DF)
21:41:12.354777 10.102.129.240.80 > 192.168.200.20.3368: P 1513:2646(1133) ack 345 win 65535 (DF)
21:41:12.354807 10.102.129.240.80 > 192.168.200.20.3368: P 2646:2651(5) ack 345 win 65535 (DF)
21:41:12.354950 192.168.200.20.3368 > 10.102.129.240.80: . ack 1513 win 64240 (DF)
21:41:12.355001 192.168.200.20.3368 > 10.102.129.240.80: . ack 2651 win 63102 (DF)

The destination 10.102.129.240 is on our network. So obviously it’s not redirecting. And no page loads. Am I missing something? Do I need to add something to POSTROUTING? I also see these:

-A PREROUTING -p tcp -m tcp --dport 80 -j Proxy
-A POSTROUTING -j SNATVS
-A POSTROUTING -o ETH01 -j MASQUERADE
-A Proxy -s 192.168.200.21/32 -i ETH00 -p tcp -j ACCEPT
-A Proxy -s 192.168.200.10/32 -i ETH00 -p tcp -j ACCEPT
-A Proxy -s 192.168.200.20/32 -i ETH00 -p tcp -j REDIRECT --to-ports 8080

I’m not sure where the rule to redirect to 8080 comes from. Possibly someone else at my work added it. I tried disabling it, but it made no difference. Any more help would be greatly appreciated!!
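The captures in the post above are the right evidence for this kind of problem: tcpdump on the inbound interface sees packets before nat PREROUTING runs, while tcpdump on the outbound interface sees them after, so a working DNAT shows up as a changed destination on the outbound side, a working REDIRECT shows up as the flow never leaving on the outbound interface at all, and an unchanged destination on both sides means no nat rule matched the connection. The script below, added here as an example rather than taken from the post or from Zeroshell, parses the quoted kernel LOG line and old-style tcpdump lines and returns that three-way verdict. The sample lines are constructed copies of the ones quoted above; the address range and the destination are the poster's own values.

```python
import re
from ipaddress import ip_address

# Constructed sample data modelled on the lines quoted in the post:
# one netfilter LOG line (dmesg) and tcpdump lines from each interface.
NETFILTER_LOG = (
    "LINE0 IN=ETH00 OUT= MAC=00:50:56:a8:44:23:00:50:56:a8:4a:19:08:00 "
    "SRC=192.168.200.20 DST=10.102.129.240 LEN=48 TOS=0x00 PREC=0x00 TTL=128 "
    "ID=29854 DF PROTO=TCP SPT=3319 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0"
)
INTERNAL_CAPTURE = [
    "21:40:26.540653 192.168.200.20.3368 > 10.102.129.240.80: S 2323931432:2323931432(0) win 64240 (DF)",
    "21:40:26.546233 arp who-has 192.168.200.20 tell 192.168.200.2",
    "21:40:26.546456 10.102.129.240.80 > 192.168.200.20.3368: S 1489832951:1489832951(0) ack 2323931433 win 65535 (DF)",
]
EXTERNAL_CAPTURE = [
    "21:41:12.184460 192.168.200.20.3368 > 10.102.129.240.80: P 2323931778:2323932123(345) ack 1489835602 win 64235 (DF)",
    "21:41:12.185375 10.102.129.240.80 > 192.168.200.20.3368: . ack 345 win 65535 (DF)",
]


def parse_netfilter_log(line):
    """Turn an iptables LOG line into a dict; bare flags (DF, SYN) become True."""
    fields = {}
    for token in line.split():
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value
        else:
            fields[token] = True
    return fields


# Old-style tcpdump TCP line: "<time> <src>.<sport> > <dst>.<dport>: ..."
TCPDUMP_TCP = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):"
)


def parse_tcpdump(lines):
    """Yield (src, sport, dst, dport) for TCP lines; ARP and other lines are skipped."""
    for line in lines:
        m = TCPDUMP_TCP.match(line)
        if m:
            yield m["src"], int(m["sport"]), m["dst"], int(m["dport"])


def client_flows(lines, client_lo, client_hi, dport=80):
    """Map (src, sport) -> dst for flows that clients in [client_lo, client_hi] opened to dport."""
    lo, hi = ip_address(client_lo), ip_address(client_hi)
    return {
        (src, sport): dst
        for src, sport, dst, dp in parse_tcpdump(lines)
        if dp == dport and lo <= ip_address(src) <= hi
    }


def dnat_verdict(internal_lines, external_lines, client_lo, client_hi, original_dst):
    """Compare the inbound (pre-NAT) capture with the outbound (post-NAT) one.

    'rewritten'     - the client's flow left with a different destination (DNAT matched)
    'not_rewritten' - it left with the original destination (no nat rule matched)
    'no_flow'       - it never appeared on the outbound side (e.g. REDIRECT to a local port)
    """
    inside = client_flows(internal_lines, client_lo, client_hi)
    outside = client_flows(external_lines, client_lo, client_hi)
    for flow, dst in inside.items():
        if dst != original_dst:
            continue
        if flow not in outside:
            return "no_flow"
        return "rewritten" if outside[flow] != original_dst else "not_rewritten"
    return "no_flow"


if __name__ == "__main__":
    log = parse_netfilter_log(NETFILTER_LOG)
    print(f"LOG hit: {log['SRC']}:{log['SPT']} -> {log['DST']}:{log['DPT']} on {log['IN']}")
    print("verdict:", dnat_verdict(INTERNAL_CAPTURE, EXTERNAL_CAPTURE,
                                   "192.168.200.20", "192.168.200.22", "10.102.129.240"))
```

Run against the post's own captures the verdict is `not_rewritten`: the same flow (192.168.200.20, port 3368) leaves ETH01 still addressed to 10.102.129.240, so neither the DNAT nor the REDIRECT was applied to that connection. One thing worth keeping in mind when reading such results is that the nat table is consulted only for the first packet of a connection and the first terminating target it reaches (ACCEPT, REDIRECT, DNAT) decides for the whole connection, so an established browser connection or an earlier rule in the same chain can make a later DNAT rule appear to do nothing.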