RE: Valid requirement for REDIRECT target on IPv6 where TPROXY won't do.

Hi AYJ,

Thanks for the reply.

In this particular instance it's not for redirecting packets to Squid, it's
to a custom service listening on a socket for both TCP and UDP data.  It's
capturing packets on all ports and forwarding to their appropriate handler.
In addition for unauthenticated users it's also 'redirecting' their DNS
queries to the built-in DNS server so as to properly handle the
authentication process.

This all works seamlessly (without NAT) on IPv4 but there are simply no signs
of life when using TPROXY; it's simply as if the packets disappear into thin
air.

In the setup of the TPROXY rules, I can see packets getting counted on the
rule and the appropriate TPROXY mark and ip rules are in place, but they
never appear on the service nor do any of the DNS queries arrive.

Thanks again for your comments.
Steve.


-----Original Message-----
From: netfilter-owner@xxxxxxxxxxxxxxx
[mailto:netfilter-owner@xxxxxxxxxxxxxxx] On Behalf Of Amos Jeffries
Sent: Thursday, 28 June 2012 4:08 PM
To: netfilter@xxxxxxxxxxxxxxx
Subject: Re: Valid requirement for REDIRECT target on IPv6 where TPROXY
won't do.

On 28/06/2012 1:32 p.m., Steve (Telsat Broadband) wrote:
> Hi All,
>
> I would like to see if there is some way we can get the 'REDIRECT' 
> target implemented into ip6tables; this isn't for NAT purposes; but 
> rather for the process of creating a captive portal for network users 
> access requests.  We currently use the REDIRECT target on our gateway 
> for IPv4 and need the same functionality for IPv6.
>
> It has been suggested that 'TPROXY' which is available in the mangle 
> table is a replacement; but it isn't.  I have tested TPROXY every 
> which way but still to no avail; the packets hit the TPROXY rule but 
> simply do not get sent to the captive portal process which is running on
> the gateway machine.

Strange. Quite a few people are happily using TPROXY to redirect IPv6
packets to a local Squid proxy portal.
The only instances I've found problems are where NAT is also being used on
the box and changing the packets after TPROXY has set up the routing rules.

AYJ

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in the
body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at
http://vger.kernel.org/majordomo-info.html
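
The symptom described in this thread (TPROXY rule counters incrementing while nothing reaches the local service) can be narrowed down by checking that each TPROXY mark has a matching `ip -6 rule` and that the rule's table holds a local default route via lo. The following is an added example, not part of the original messages; the rule lines, ports, marks and table number are constructed sample data, and the function names are hypothetical.

```python
import re

# Constructed sample data (not from the thread), in the style of
# `ip6tables-save -t mangle`, `ip -6 rule show`, `ip -6 route show table 100`.
RULES = """\
-A PREROUTING -p tcp -j TPROXY --on-port 50080 --on-ip :: --tproxy-mark 0x1/0x1
-A PREROUTING -p udp -m udp --dport 53 -j TPROXY --on-port 5353 --on-ip :: --tproxy-mark 0x2/0x2
"""
IP6_RULES = """\
0:	from all lookup local
32765:	from all fwmark 0x1 lookup 100
32766:	from all lookup main
"""
IP6_ROUTES = {"100": "local default dev lo metric 1024 pref medium\n"}


def tproxy_marks(save_text):
    """Return [(on_port, mark_value)] for every TPROXY rule in the dump."""
    out = []
    for line in save_text.splitlines():
        if "-j TPROXY" not in line:
            continue
        port = re.search(r"--on-port (\d+)", line)
        mark = re.search(r"--tproxy-mark (0x[0-9a-fA-F]+)", line)
        if port and mark:
            out.append((int(port.group(1)), int(mark.group(1), 16)))
    return out


def fwmark_tables(rule_text):
    """Map fwmark value -> table name (assumption: masks are ignored)."""
    found = re.findall(r"fwmark (0x[0-9a-fA-F]+)(?:/\S+)? lookup (\S+)", rule_text)
    return {int(mark, 16): table for mark, table in found}


def has_local_default(route_text):
    """True if the table delivers all destinations locally via lo."""
    return bool(re.search(r"^local (default|::/0) dev lo\b", route_text, re.M))


def audit(save_text, rule_text, routes_by_table):
    """Return [(on_port, problem)] for TPROXY rules whose packets cannot be delivered."""
    tables = fwmark_tables(rule_text)
    problems = []
    for port, mark in tproxy_marks(save_text):
        table = tables.get(mark)
        if table is None:
            problems.append((port, f"no ip -6 rule for fwmark {mark:#x}"))
        elif not has_local_default(routes_by_table.get(table, "")):
            problems.append((port, f"table {table} lacks 'local ::/0 dev lo'"))
    return problems
```

An empty result covers only the netfilter and policy-routing side; the kernel's TPROXY documentation also requires the listening socket to set the transparent socket option (IPV6_TRANSPARENT for IPv6).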

