How can I forward TPROXY and its UDP port to a sub-net?

phantomcraft

2/7/23, 6:17 AM

I can forward a transparent proxy to a sub-net with:

iptables -t nat -A PREROUTING -i eth2 -p tcp --syn -j DNAT --to-destination 127.0.0.1:10000

But how can I do the same with TPROXY? I want to forward UDP.

I tried:

ip rule add fwmark 1088 table 100
ip route add local default dev eth2 table 100
iptables -t mangle -A OUTPUT -o eth2 -p udp -j MARK --set-mark 1088 
iptables -t mangle -A PREROUTING -i eth2 -p udp -j TPROXY --on-ip 10.0.0.1 --on-port 10000 --tproxy-mark 1088

The tproxy server shows:

2021/10/08 21:23:55 server.go:126: [tproxyu] 10.0.0.2:33349 <->1.1.1.1:53 via 127.0.0.1:9000

The socks5 server shows:

2021/10/08 21:23:55 server.go:150: [socks5u] 127.0.0.1:33328 <->1.1.1.1:53 via DIRECT

The logs show that the connection was received, but can't connect to host Internet.

am I doing something wrong?

0 + 0

iptables

transparent-proxy

udp

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How can I forward TPROXY and its UDP port to a sub-net?

TH: ฉันจะส่งต่อ TPROXY และพอร์ต UDP ไปยัง sub-net ได้อย่างไร

RO: Cum pot redirecționa TPROXY și portul său UDP către o subrețea?

RU: Как я могу перенаправить TPROXY и его порт UDP в подсеть?

VI: Làm cách nào tôi có thể chuyển tiếp TPROXY và cổng UDP của nó sang một mạng con?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.