Aviad Lahav wrote:
> Hi all,
> I've posted this to the netfilter-users but got no response, hope I
> can get more help here.
>
>
> I'm trying to set up an SSL transparent proxy, and I've seen very
> bizarre behavior on my system.
> I've added two NAT rules to the PREROUTING chain, looking like this:
>
> # iptables -L -v -t nat
> Chain PREROUTING (policy ACCEPT 561 packets, 70236 bytes)
> pkts bytes target prot opt in out source destination
> 20 1280 REDIRECT tcp -- ppp0 any anywhere
> anywhere tcp dpt:4309 redir ports 4443
> 8 512 REDIRECT tcp -- ppp0 any anywhere
> anywhere tcp dpt:https redir ports 4443
>
> So I've got a listener on port 4443, accepting connections from both
> ports 443 and 4309.
> When I'm doing the first recv() in my accepting server, I get the
> incoming connections to port 443 very well, BUT:
> Incoming connections to port 4309 gets *3 extra bytes* in the
> beginning of the connection (maybe also to subsequent packets, but I
> haven't had the chance to see this data yet...()
>
> The first 3 bytes I'm getting is:
> 0x00 0x01 0x05
>
> My machine is an up-to-date Ubuntu 9.10 (karmic), and the packets are
> coming from a client connected thru pptpd.
> Anyone has a clue?

My first guess would be that pptpd does something wrong, that's where
I'd start debugging.
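A diagnostic listener for the setup described in this thread, added here as an example and not code from either poster: it recovers each connection's pre-REDIRECT destination with `SO_ORIGINAL_DST`, so traffic originally sent to 443 and to 4309 can be told apart on the shared port 4443, and it reports where a TLS handshake record header first appears in the received bytes. It assumes IPv4, Linux, and that clients on both ports open with a TLS handshake; the function names are illustrative.

```python
import socket
import struct

# Value from <linux/netfilter_ipv4.h>; the socket module does not export it.
SO_ORIGINAL_DST = 80


def parse_original_dst(raw):
    """Decode the struct sockaddr_in that SO_ORIGINAL_DST returns."""
    # Layout: 2 bytes family (skipped), 2 bytes port and 4 bytes IPv4
    # address in network byte order, 8 bytes of padding.
    port, addr = struct.unpack("!2xH4s8x", raw[:16])
    return socket.inet_ntoa(addr), port


def original_dst(conn):
    """Destination the client dialled before the nat REDIRECT rule applied."""
    return parse_original_dst(conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16))


def tls_record_offset(data):
    """Offset of the first plausible TLS handshake record header, or -1.

    A handshake record starts with content type 0x16 and major version 0x03.
    An offset above 0 means bytes arrived ahead of the handshake.
    """
    return data.find(b"\x16\x03")


def serve(port=4443):
    """Accept redirected connections and log destination and first bytes."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("0.0.0.0", port))
    srv.listen(16)
    while True:
        conn, peer = srv.accept()
        with conn:
            dst = original_dst(conn)
            data = conn.recv(64)
            print(peer, "->", dst, "first bytes:", data[:16].hex(" "),
                  "tls offset:", tls_record_offset(data))


if __name__ == "__main__":
    serve()
```

Comparing this output with a packet capture on ppp0 for the same connection shows whether the leading bytes are already present on the wire or only appear at the socket.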