sonertari / SSLproxy

Transparent SSL/TLS proxy for decrypting and diverting network traffic to other programs, such as UTM services, for deep SSL inspection
BSD 2-Clause "Simplified" License

Troubles with netfilter TPROXY #24

Closed kalashny closed 3 years ago

kalashny commented 3 years ago

Hi! After configuring an iptables rule with TPROXY, sslproxy stopped accepting connections. At the same time, the REDIRECT rule works perfectly, and new connections appear in the output with the -D option. Installation was performed on CentOS 6.5. The engine was detected correctly: netfiler* tproxy v

An attempt under the HAVE_NETFILTER directive to use the methods from the IP_TRANSPARENT directive was successful; after that, the rule with TPROXY works fine. It is strange that packets were processed by HAVE_NETFILTER (nat_netfilter_lookup_cb), although they should be processed by IP_TRANSPARENT (nat_getsockname_lookup_cb, nat_iptransparent_socket_cb). Or have I made a mistake somewhere?

sonertari commented 3 years ago

Can you also provide the command line or configuration options you run sslproxy with?

kalashny commented 3 years ago

Sorry, it was my mistake. netfilter is used as the engine by default; I just had to look at the output of sslproxy -E. The star in the output of sslproxy -V probably also indicates it. With the option -e tproxy, the rule with TPROXY works fine.
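The difference behind this thread, as an added illustration that is not SSLproxy's own code: the netfilter engine recovers a REDIRECTed connection's original destination from conntrack (SO_ORIGINAL_DST), while the tproxy engine relies on an IP_TRANSPARENT listener and simply reads getsockname() on the accepted socket. The function names in the comments are the callbacks mentioned in the thread; the helper names here are assumed. IP_TRANSPARENT needs CAP_NET_ADMIN, so an unprivileged run records that the option failed and the loopback round trip still completes.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <linux/netfilter_ipv4.h>
#include <stdint.h>
#include <unistd.h>

/* Listener as the tproxy engine needs it: IP_TRANSPARENT (CAP_NET_ADMIN) lets the
 * socket accept SYNs for addresses that are not local. Binds an ephemeral loopback port. */
int tproxy_listener(int *transparent, uint16_t *port_out) {
    int fd = socket(AF_INET, SOCK_STREAM, 0), one = 1;
    if (fd < 0) return -1;
    *transparent = setsockopt(fd, SOL_IP, IP_TRANSPARENT, &one, sizeof one) == 0;
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    socklen_t len = sizeof a;
    if (bind(fd, (struct sockaddr *)&a, len) < 0 || listen(fd, 1) < 0 ||
        getsockname(fd, (struct sockaddr *)&a, &len) < 0) { close(fd); return -1; }
    *port_out = ntohs(a.sin_port);
    return fd;
}

/* tproxy engine (nat_getsockname_lookup_cb): TPROXY does not rewrite the packet, so
 * the accepted socket's local name is the destination the client dialled. */
int tproxy_orig_dst(int afd, struct sockaddr_in *dst) {
    socklen_t len = sizeof *dst;
    return getsockname(afd, (struct sockaddr *)dst, &len);
}

/* netfilter engine (nat_netfilter_lookup_cb): REDIRECT rewrote the destination, so the
 * pre-NAT address is asked from conntrack. With no NAT (or no conntrack loaded) this
 * either fails or just returns the socket's own address, i.e. nothing TPROXY-specific. */
int netfilter_orig_dst(int afd, struct sockaddr_in *dst) {
    socklen_t len = sizeof *dst;
    return getsockopt(afd, SOL_IP, SO_ORIGINAL_DST, dst, &len);
}

/* Loopback round trip: 1 when the tproxy lookup reports the port the client connected
 * to, 0 if not, -1 on setup error; *nf_rc receives the netfilter lookup's return code. */
int demo_roundtrip(int *nf_rc) {
    int transparent, afd, cfd = socket(AF_INET, SOCK_STREAM, 0);
    uint16_t port = 0;
    int lfd = tproxy_listener(&transparent, &port);
    struct sockaddr_in dst, a = { .sin_family = AF_INET, .sin_port = htons(port),
                                  .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    if (lfd < 0 || cfd < 0 || connect(cfd, (struct sockaddr *)&a, sizeof a) < 0 ||
        (afd = accept(lfd, NULL, NULL)) < 0) return -1;
    int ok = tproxy_orig_dst(afd, &dst) == 0 && ntohs(dst.sin_port) == port;
    *nf_rc = netfilter_orig_dst(afd, &dst);
    close(afd); close(cfd); close(lfd);
    return ok;
}
```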