Bug 662399 - Enable ipv6 tproxy
Summary: Enable ipv6 tproxy
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: iptables
Version: rawhide
Hardware: Unspecified
OS: Unspecified
low
medium
Target Milestone: ---
Assignee: Thomas Woerner
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-12-12 12:50 UTC by Nicolas Mailhot
Modified: 2011-08-27 15:31 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-07-12 13:44:12 UTC

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Mailhot 2010-12-12 12:50:11 UTC 
Description of problem:

When following the instructions on
http://wiki.squid-cache.org/Features/Tproxy4

I get the following errors

# ip6tables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
ip6tables v1.4.9: Couldn't load match `socket':/lib64/xtables/libip6t_socket.so: cannot open shared object file: No such file or directory

Try `ip6tables -h' or 'ip6tables --help' for more information.


# ip6tables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
ip6tables v1.4.9: unknown option `--tproxy-mark'

I thought the necessary bits had been merged upstream ; please build them

2.6.37-0.rc5.git2.1.fc15.x86_64
Comment 1 Kyle McMartin 2010-12-17 16:07:02 UTC 
Sounds like it's a userland issue.

master@kernel:.% git grep TPROXY .                                                                                                              (kyle@dreadnought:~/fedpkg/kernel)
config-generic:CONFIG_NETFILTER_TPROXY=m
config-generic:CONFIG_NETFILTER_XT_TARGET_TPROXY=m

Re-assigning.
Comment 2 Trever Adams 2011-06-08 15:09:11 UTC 
I would like to see this as well. I am seeing the same bugs.
Comment 3 Peter Czanik 2011-06-09 07:13:52 UTC 
iptables 1.4.11.1 should have support for it.
Comment 4 Trever Adams 2011-06-09 21:50:56 UTC 
It would be good to have 1.4.11.1 in F15 then. I will be posting my World IPv6 Day results soon to Fedora-Devel, this is one of the few problems I had.
Comment 5 Nicolas Mailhot 2011-07-09 20:34:58 UTC 
(In reply to comment #3)
> iptables 1.4.11.1 should have support for it.

can it be built then? it's been released a month and a half ago now
Comment 6 Thomas Woerner 2011-07-11 14:19:43 UTC 
Fixed in rawhide in package iptables-1.4.11.1-1.fc16 or newer.
Comment 7 Trever Adams 2011-07-11 19:34:24 UTC 
This really needs to be fixed in F15 as well.
Comment 8 Thomas Woerner 2011-07-12 10:31:21 UTC 
Reopening due to missing requirements in the buildroot after build: iproute requires libxtables.so.5
Comment 9 Thomas Woerner 2011-07-12 13:44:12 UTC 
Fixed in rawhide in rpm iptables-1.4.11.1-2.fc16 or newer. iproute has been updated, also.
Comment 10 Trever Adams 2011-08-27 15:31:13 UTC 
Is this at all possible to get in FC15?
Note You need to log in before you can comment on or make changes to this bug.