no chance transparent proxy
Ralf Hemmann
ralf@convergence.de
Wed, 18 Jul 2001 01:54:39 +0200
Hi.
After hours of trying I decided to write a message to this list.
Maybe somebody can bring some light into my gloomy march.
Situation:
I am trying to make a transparent proxy with frox.
At the moment I have these rules:
#Squid Proxy
$FW -t nat -A PREROUTING -i eth1 -s ! 10.1.1.90 -p tcp --dport 80 -j DNAT --to 10.1.1.90:3128
#Frox Proxy
$FW -t nat -A PREROUTING -i eth+ -s ! 10.1.1.90 -p tcp --dport 21 -j DNAT --to 10.1.1.90:2121
10.1.1.90 is my Proxy host
eth+ is there as a kind of resignation parameter ;-)
The http proxy works very well - no problems at all.
But the client gives me a:
connected to ftp2.de.kernel.org
501 Proxy unable to contact ftp server
and the proxy logfile says:
Connecting to server...connect: Connection refused
frox[22513] Connection closed -- unable to contact server
This proves that the DNAT rule does its job ;-)
The proxy server host itself is able to make ftp connections and is
not redirected to prevent loops.
Maybe a hint is that my firewall gives me a:
Jul 18 01:33:18 buserror kernel: NAT: 3 dropping untracked packet c0ad4120 1 10.1.1.1 -> 10.1.1.90
Jul 18 01:33:18 buserror kernel: NAT: 3 dropping untracked packet c0ad4120 1 10.1.1.1 -> 10.1.1.89
10.1.1.1 is my firewall and 10.1.1.89 is the host I make the ftp
connection from.
I get this only when I use the ftp proxy rules.
Can anybody tell me what the problem could be ?
If you need more information feel free to contact me at
ralf@convergence.de
Thanks in advance
--
convergence integrated media
administration team