Redirecting traffic to local proxy application using FWPM_LAYER_ALE_CONNECT_REDIRECT_V4

  • Question

  • Hi,

    I am using WFPSampler.exe proxy-based redirection using the -s PROXY option and the FWPM_LAYER_ALE_CONNECT_REDIRECT_V4 layer. A sample user-mode application (Win32 app using WinSock) is developed that reads the proxied data and forwards it to a predefined set of IP address/port combinations.

    This scenario works fine when the sample proxy application is executed on a remote machine and WFPSampler.exe is used with the -pra and -prp options along with -prs.

    However, when I run the same proxy application on a local interface (either on the loopback interface or on another interface), the proxying stops working. WFPSampler.exe doesn't return any error; however, when I try to access the destination IP address and port number configured using ipra and iprp, the application gets a Connection error. I cannot see any traffic flowing on the loopback as well as the network interface.

    I have set the process ID of the local application using -plspid, but no luck. What could be wrong? Is there any step I am still missing?

    Commands that I have used are :
    # Fwd to remote service
    WFPSampler.Exe -s PROXY -l FWPM_LAYER_ALE_CONNECT_REDIRECT_V4 -prs -ipra 192.168.10.52 -iprp 9000 -pra 192.168.10.54 -prp 5050 -in -v

    This works fine. Now if I take the sample application running on 192.168.10.54 port 5050 and run it locally and configure WFPSampler.exe as below

    WFPSampler.exe -s PROXY -l FWPM_LAYER_ALE_CONNECT_REDIRECT_V4 -ipra 192.168.10.52 -iprp 9000 -pla 127.0.0.1 -plp 5050 -v -plspid 9184
    It stops working (I used PuTTY to connect to 192.168.10.52 port 9000 and it throws a "Network is unreachable" error).

    Any help regarding this would be appreciated.
    Thanks in advance.
    Regards,
    AK
    Monday, May 29, 2017 12:04 PM

Answers

  • You should configure WFPSampler.exe as below:

    WFPSampler.exe -s PROXY -l FWPM_LAYER_ALE_CONNECT_REDIRECT_V4 -ipra 192.168.10.52 -iprp 9000 -pra 127.0.0.1 -prp 5050 -v -plspid 9184

    It makes BFE modify the connection's remote address and port.

    • Marked as answer by AKarnil Monday, December 2, 2019 1:39 PM
    Wednesday, May 31, 2017 11:42 AM

All replies

  • The accept call in the proxy application never returns. Do we need to do anything special in the proxy application? I assume SIO_QUERY_WFP_CONNECTION_REDIRECT_RECORDS needs to be called after accept returns. I am using Win 8 for trying this out. Should I use OUTBOUND and INBOUND filters rather than CONNECT_REDIRECT?

    Monday, May 29, 2017 6:09 PM
  • Thanks for the answer. This works; however, before trying to do any connects I have to remove all previous groups of WFP objects using WFPSampler.exe -clean all

    Also I don't need to specify the -plspid option once the WFP objects are cleaned.

    Any explanation? I would like to avoid cleaning all previous WFP objects.

    Regards,

    Amit

    Saturday, July 29, 2017 3:22 AM
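
A pre-flight check for the local-proxy setup discussed in this thread, added here as an example (it is not from any poster or from the WFPSampler project): it confirms that the PID given to -plspid owns the 127.0.0.1:5050 listener and lists filters already present at the redirect layer, so objects left over from earlier runs are visible before deciding on a clean. Address, port and PID are the thread's values; the dump path and the XML layout queried in step 3 are assumptions, and the script must run elevated.

```powershell
# Added example. Values are the ones used in the thread; adjust to your setup.
$ProxyAddress = '127.0.0.1'
$ProxyPort    = 5050
$ProxyPid     = 9184                                   # PID passed to -plspid
$Layer        = 'FWPM_LAYER_ALE_CONNECT_REDIRECT_V4'
$DumpFile     = Join-Path $env:TEMP 'wfp-filters.xml'  # hypothetical output path

# 1. Is anything listening where the redirected connections will land?
$listeners = @(Get-NetTCPConnection -State Listen -LocalPort $ProxyPort -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalAddress -in @($ProxyAddress, '0.0.0.0') })
if ($listeners.Count -eq 0) {
    Write-Warning "No TCP listener on ${ProxyAddress}:${ProxyPort}; redirected connects will fail."
}

# 2. Does each listener belong to the process whose PID was given to WFPSampler?
foreach ($l in $listeners) {
    $proc  = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
    $match = if ($l.OwningProcess -eq $ProxyPid) { 'matches' } else { 'DOES NOT match' }
    '{0}:{1} owned by PID {2} ({3}); {4} expected PID {5}' -f `
        $l.LocalAddress, $l.LocalPort, $l.OwningProcess, $proc.ProcessName, $match, $ProxyPid
}

# 3. Dump the current WFP filters and list those registered at the redirect layer.
netsh wfp show filters "file=$DumpFile" | Out-Null
if (Test-Path $DumpFile) {
    [xml]$dump = Get-Content -Path $DumpFile -Raw
    # Assumed dump layout: <item> elements with <layerKey> and <displayData><name>.
    $atLayer = @($dump.SelectNodes("//item[layerKey='$Layer']"))
    "Filters currently at ${Layer}: $($atLayer.Count)"
    foreach ($f in $atLayer) {
        '  filterId={0} name={1}' -f $f.filterId, $f.displayData.name
    }
    if ($atLayer.Count -gt 1) {
        Write-Warning 'More than one filter at the redirect layer; earlier runs may have left objects behind.'
    }
} else {
    Write-Warning 'netsh produced no dump; run this from an elevated prompt.'
}
```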