Retrieving original destination from iptables after REDIRECT

I'm writing an application proxy for generic use.

I want to use this as a transparent proxy, where my original plan is to use iptables with a REDIRECT rule to forward all connections to my application proxy.

The problem here is, of course, that my application proxy loses the information about the intended destination.

Is it possible to query iptables to retrieve the originally intended recipient? Any other possible solution to this problem is also appreciated!


Perhaps this is what you were looking for?

http://www.network-builders.com/iptables-redirect-original-destination-ip-t69515.html

Read the SO_ORIGINAL_DST option of the TCP socket.
Or look up the connection tracking table in /proc/net/ip_conntrack.

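#include <stdio.h>
#include <string.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <linux/netfilter_ipv4.h>  /* SO_ORIGINAL_DST */

/* fd is the accepted socket of the redirected TCP connection */
struct sockaddr_in addr;
socklen_t addr_sz = sizeof(addr);
memset(&addr, 0, addr_sz);
addr.sin_family = AF_INET;
if (getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, &addr, &addr_sz) < 0)
    perror("getsockopt(SO_ORIGINAL_DST)");  /* addr is not valid on failure */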

I think you should be able to convert that to something similar for Python.

0
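
The getsockopt call from the answer above, carried over to Python as an added example (not part of the original answer). The value 80 for SO_ORIGINAL_DST comes from <linux/netfilter_ipv4.h>; `upstream_for` and its loop check are hypothetical helpers added for illustration, and the code handles IPv4 only.

```python
import socket
import struct
from typing import Optional, Tuple

SO_ORIGINAL_DST = 80                    # <linux/netfilter_ipv4.h>; not exported by the socket module
SOL_IP = getattr(socket, "SOL_IP", 0)   # 0 on Linux
SOCKADDR_IN_LEN = 16                    # sizeof(struct sockaddr_in)


def parse_sockaddr_in(raw: bytes) -> Tuple[str, int]:
    """Decode struct sockaddr_in: family in host order, port and address in network order."""
    if len(raw) < 8:
        raise ValueError("short sockaddr_in")
    (family,) = struct.unpack_from("=H", raw, 0)
    if family != socket.AF_INET:
        raise ValueError("unexpected address family %d" % family)
    (port,) = struct.unpack_from("!H", raw, 2)
    return socket.inet_ntoa(raw[4:8]), port


def original_dst(conn) -> Optional[Tuple[str, int]]:
    """Pre-REDIRECT (ip, port) of an accepted TCP socket, or None if the kernel has none."""
    try:
        raw = conn.getsockopt(SOL_IP, SO_ORIGINAL_DST, SOCKADDR_IN_LEN)
    except OSError:  # no conntrack entry, or connection tracking not loaded
        return None
    return parse_sockaddr_in(raw)


def upstream_for(conn) -> Optional[Tuple[str, int]]:
    """Hypothetical helper: where the proxy should connect, or None to drop the client.

    A client that reaches the proxy port directly (no REDIRECT) may get the proxy's own
    address back as the "original" destination; connecting to it would loop forever.
    """
    dst = original_dst(conn)
    if dst is None or dst == tuple(conn.getsockname()[:2]):
        return None
    return dst


if __name__ == "__main__":
    # Constructed sample: the 16 bytes the kernel would return for 203.0.113.10:443.
    sample = struct.pack("=H", socket.AF_INET) + struct.pack("!H", 443) \
        + socket.inet_aton("203.0.113.10") + bytes(8)
    print(parse_sockaddr_in(sample))
```

Call `upstream_for()` on the socket returned by `accept()`, before any data is relayed.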
