On Wed, 19 Jul 2000, Alexander V. Lukyanov wrote:
> iptables --table nat -A PREROUTING -p tcp -d 0.0.0.0/0 --dport 80 -j REDIRECT --to-port 81
> iptables --table nat -A OUTPUT -p tcp -d 0.0.0.0/0 --dport 80 -j REDIRECT --to-port 81
> Everything works if the HTTP request includes Host: field with port
> number. But if it is absent, the request goes to correct host but to
> port 81, this is where tproxy listens. This happens when connection
> originates at localhost, I have not tried it with forwarding yet.
>
> I guess this is either a bug in kernel (which returns wrong port in
> getsockname), or there is some other method for retrieving original
> port number. I hope somebody knows it.
The getsockname() "hack" is dead in 2.4.
See below...
Matthew.