by Illuminatus (Curate)
  1. You should not have to rebuild perl to use tproxy
  2. I see you are using IP_FREEBIND, but I believe you really need to be using IP_TRANSPARENT (which implies FREEBIND, but is a superset)
  3. You might want to post the iptables commands you have set up. I think the connect will fail if the underlying iptables routing options are not in place.
  4. When dealing with netlink/iptables, never expect any help from the error codes. They are almost always misleading and unhelpful. I speak from experience.


by charlesboyo (Beadle) on Apr 16, 2011 at 02:06 UTC

    I was quite sure I should have used IP_TRANSPARENT but it wasn't defined in the header files I had searched earlier. Doing a full system search revealed its definition and simply replacing IP_FREEBIND with IP_TRANSPARENT solved my problem.

    iptables works just fine, I'm using the mangle table with the TPROXY and socket targets and a custom route table as widely recommended.

    Thanks for the help. Charles
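
An added example, not code from either poster: setting IP_TRANSPARENT from stock Perl by defining the Linux constants locally, so no rebuild of perl is needed. The numeric values are the Linux ones from `<linux/in.h>`; the helper name `transparent_socket` and the 192.0.2.10 source address are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Socket qw(PF_INET SOCK_STREAM pack_sockaddr_in inet_aton);
use Errno qw(EPERM);

# Linux values from <linux/in.h>, defined here because Perl's Socket
# module may not export them (assumption: Linux target).
use constant {
    SOL_IP         => 0,
    IP_FREEBIND    => 15,   # shown for comparison; not enough for tproxy
    IP_TRANSPARENT => 19,   # implies FREEBIND, and is what tproxy needs
};

# Hypothetical helper: TCP socket bound to a source address that is not
# configured on this host.
sub transparent_socket {
    my ($src_ip, $src_port) = @_;

    socket(my $sock, PF_INET, SOCK_STREAM, 0) or die "socket: $!\n";

    unless (setsockopt($sock, SOL_IP, IP_TRANSPARENT, pack('i', 1))) {
        # The kernel refuses this option to unprivileged processes.
        die "IP_TRANSPARENT refused: needs CAP_NET_ADMIN (typically root)\n"
            if $! == EPERM;
        die "setsockopt(IP_TRANSPARENT): $!\n";
    }

    # Read the option back so a silent no-op is caught before bind().
    my $raw = getsockopt($sock, SOL_IP, IP_TRANSPARENT)
        or die "getsockopt(IP_TRANSPARENT): $!\n";
    die "IP_TRANSPARENT not set\n" unless unpack('i', $raw);

    bind($sock, pack_sockaddr_in($src_port, inet_aton($src_ip)))
        or die "bind($src_ip): $!\n";
    return $sock;
}

# Run directly (not when loaded with require/do).
unless (caller) {
    # Constructed sample address from TEST-NET-1; port 0 lets the kernel pick.
    my $sock = transparent_socket('192.0.2.10', 0);
    print "bound non-local source with IP_TRANSPARENT\n";
    close $sock;
}
```

Binding succeeds without any iptables rules; the TPROXY mangle rules and custom route table mentioned above are still needed for traffic on that socket to actually flow.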

