FIXED: Transparent Remote Proxy Server

On Sep 28, 2004, at 6:44 AM, Jason Opperisano wrote:
On Mon, 2004-09-27 at 15:37, Jason Opperisano wrote:
keep in mind that a side-effect of the REDIRECT "magic" is that the SYN
does not go to, nor does the SYN-ACK come from, wum's IP address (as was
evident from the tcpdump snippet provided).


with the REDIRECT target, wum will pretend to be the destination web
server from the perspective of the client and tor.

all this being said--i couldn't tell from the OP why things weren't
working.

tcpdump anywhere and everywhere and you'll find the culprit.

-j

hmmm...along those same lines--i just had a thought. is it possible
that "rp_filter" on tor is blocking the packets from wum because "-j
REDIRECT" is making wum spoof the address of the destination web server?


on tor, check:

        sysctl -a | grep '\.rp_filter'
        sysctl -a | grep log_martians

try either (a) setting rp_filter=0 on the interface on tor that is
connected to wum, or (b) leave rp_filter=1 and set "log_martians=1" on
that interface on tor to see if rp_filter is, in fact, the culprit.

just a thought.

-j

Oh my gosh, you are so brilliant!

I doubted this was the problem, since squid's logs showed no activity - I thought my problem was in reaching wum, not in receiving returning packets. Shows how much I know : P

Strangely, sysctl -w net.ipv4.conf.eth2.log_martians=1 doesn't log a thing. I don't understand why - I tailed every file in /var/log.

I set sysctl -w net.ipv4.conf.eth2.rp_filter=0 anyway, & it works! Thank you so much!

I'd like to send you a token of my appreciation, if you'll give me your postal address. (It's homemade, so please don't get too excited : )

Sincere thanks for everyone's help!

Jack
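
The rp_filter / log_martians check discussed in this thread, as an added example that is not part of the original messages: a shell function that reports the effective setting per interface. It assumes the combination rules documented for current kernels (rp_filter is the maximum of conf/all and conf/<iface>; log_martians is on if either is set), which may differ from the 2004-era kernel in the thread; the function name `rp_report` and its optional directory argument are hypothetical.

```shell
#!/bin/sh
# Added example: effective reverse-path filtering per interface.
# Assumed semantics (current kernel ip-sysctl documentation):
#   effective rp_filter    = max(conf/all/rp_filter, conf/<iface>/rp_filter)
#   effective log_martians = conf/all/log_martians OR conf/<iface>/log_martians
# rp_report [DIR]  -- DIR defaults to /proc/sys/net/ipv4/conf; the argument
# exists only so the function can be pointed at a constructed tree.

rp_report() {
    root="${1:-/proc/sys/net/ipv4/conf}"
    all_rp=$(cat "$root/all/rp_filter" 2>/dev/null || echo 0)
    all_lm=$(cat "$root/all/log_martians" 2>/dev/null || echo 0)

    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        # "all" and "default" are templates, not real interfaces
        case "$iface" in all|default) continue ;; esac

        rp=$(cat "$dir/rp_filter" 2>/dev/null || echo 0)
        lm=$(cat "$dir/log_martians" 2>/dev/null || echo 0)

        # The stricter (numerically larger) of the two values wins
        eff_rp=$rp
        if [ "$all_rp" -gt "$eff_rp" ]; then eff_rp=$all_rp; fi

        eff_lm=0
        if [ "$all_lm" -ne 0 ] || [ "$lm" -ne 0 ]; then eff_lm=1; fi

        case "$eff_rp" in
            0) mode=off ;;      # no source validation
            1) mode=strict ;;   # reply route must use the receiving interface
            2) mode=loose ;;    # source must be reachable via any interface
            *) mode=unknown ;;
        esac

        echo "$iface rp_filter=$eff_rp($mode) log_martians=$eff_lm"
    done
}

# Report the live settings when run directly on the router.
rp_report
```

An interface shown as `strict` drops packets whose source address would not be routed back out the interface they arrived on, which is the situation described for the REDIRECTed replies above. Martian reports are written to the kernel log, so `dmesg` is the place to look for them.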


