Get original destination IP and port with Linux 2.4 iptables redirect?

Lincoln Yeoh

Sorry to repost this but I still haven't figured it out and there
weren't any responses.
---
Say I use iptables to redirect tcp connections to my perl proxy
servers. How then do I get the original destination IP address and tcp
port?

On FreeBSD I just use ipfw and fwd and then the following works:
$daddr=$client->sockhost;
$dport=$client->sockport;

And then my various proxies work transparently.

But on Linux I'm supposed to use some FD options:
e.g.
getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, &dst_addr, &slen)

What's a good way to do this with perl? Working examples would be very
helpful.

I've tried perl's getsockopt but replacing OPTNAME with
SO_ORIGINAL_DST doesn't work - it's not defined.

perl -f getsockopt
getsockopt SOCKET,LEVEL,OPTNAME

I've tried specifying a numerical 80 for OPTNAME but not sure how to
get the address etc.

Thanks,
Link.
 
Ben Morrow

Lincoln Yeoh said:
Say I use iptables to redirect tcp connections to my perl proxy
servers. How then do I get the original destination IP address and tcp
port?

On FreeBSD I just use ipfw and fwd and then the following works:
$daddr=$client->sockhost;
$dport=$client->sockport;

And then my various proxies work transparently.

But on Linux I'm supposed to use some FD options:
e.g.
getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, &dst_addr, &slen)

What's a good way to do this with perl? Working examples would be very
helpful.

I've tried perl's getsockopt but replacing OPTNAME with
SO_ORIGINAL_DST doesn't work - it's not defined.

perl -f getsockopt
getsockopt SOCKET,LEVEL,OPTNAME

I've tried specifying a numerical 80 for OPTNAME but not sure how to
get the address etc.

The call in Perl is the same as C, except that return values are
returned instead of being passed by reference. So

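use Socket qw/inet_ntoa/;
use constant { SOL_IP => 0, SO_ORIGINAL_DST => 80 };  # values from the machine described below

# The option fills in a struct sockaddr_in: family, port, then address.
my $packed = getsockopt $SOCK, SOL_IP, SO_ORIGINAL_DST;
my ($port, $packed_addr) = unpack 'x2 n a4', $packed;
my $addr = inet_ntoa $packed_addr;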

(untested) should work. To get the values of the constants you will
need to poke around in your headers... on my machine, SOL_IP is
defined to be 0 in <bits/in.h> and SO_ORIGINAL_DST to be 80 in
<linux/netfilter_ipv4/ip_nat.h>. You could try throwing those headers
at h2ph, just for a laugh :), or you could just put use constant
statements at the top of your program.

Ben
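
A fuller version of the call discussed in this thread, as an added example that is not part of either post: it decodes the address and port, handles a missing connection-tracking entry, and refuses connections made directly to the proxy port so the proxy cannot relay to itself. The helper names `decode_dst` and `original_dst`, the `serve` argument and port 8080 are assumptions; the constant values are the ones quoted in the answer, and only IPv4 is covered.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket::INET;
use Socket qw(AF_INET inet_aton inet_ntoa pack_sockaddr_in);

# Values quoted in the answer above; check them against your own headers.
use constant { SOL_IP => 0, SO_ORIGINAL_DST => 80 };

# Decode the struct sockaddr_in that SO_ORIGINAL_DST fills in (IPv4 only).
# Only the leading 8 bytes are read, so a longer returned buffer is harmless.
sub decode_dst {
    my ($packed) = @_;
    return unless defined $packed && length($packed) >= 8;
    my ($family, $port, $ip) = unpack 'S n a4', $packed;
    return unless $family == AF_INET;
    return (inet_ntoa($ip), $port);
}

# (addr, port) the client originally dialled, or an empty list when the
# kernel has no connection-tracking entry for this socket.
sub original_dst {
    my ($client) = @_;
    my $packed = getsockopt($client, SOL_IP, SO_ORIGINAL_DST) or return;
    return decode_dst($packed);
}

# Offline check on a constructed sockaddr_in for 192.0.2.10:80.
my @demo = decode_dst(pack_sockaddr_in(80, inet_aton('192.0.2.10')));
print "decoded sample: $demo[0]:$demo[1]\n";

# "serve" starts the accept loop; 8080 is a hypothetical REDIRECT target port.
exit 0 unless @ARGV && $ARGV[0] eq 'serve';
my $listen = IO::Socket::INET->new(LocalPort => 8080, Listen => 16, ReuseAddr => 1)
    or die "listen: $!\n";
while (my $client = $listen->accept) {
    my ($daddr, $dport) = original_dst($client);
    if (!defined $daddr) {
        warn "no original destination for ", $client->peerhost, "\n";
    } elsif ($daddr eq $client->sockhost && $dport == $client->sockport) {
        # Client dialled the proxy port itself; relaying would loop back here.
        warn "refusing direct connection from ", $client->peerhost, "\n";
    } else {
        print $client->peerhost, " -> $daddr:$dport\n";   # relay would start here
    }
    close $client;
}
```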
 
