[tproxy] Tproxy changes for performing dual NAT
Arun S
hi2arun at gmail.com
Fri Oct 12 15:40:52 CEST 2007
Hi Zul,
Here are the steps to be followed:
1. Apply Cttproxyv2.0.6 to linux kernel v2.6.18
2. Apply the given patch for dual NAT
3. Compile the kernel as usual with TPROXY support enabled.
4. Run Squid (I have tested it with Squid v 2.6) with tproxy related
options enabled.
5. Add TPROXY rule to redirect HTTP packets:
e.g.: iptables -t tproxy -A PREROUTING -p tcp --dport 80 -j TPROXY
--on-port 3128
[Assuming Squid proxy listens on port 3128]
6. Add POSTROUTING rule for performing SNAT.
e.g. Say LAN network is 192.168.1.0/24,
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to <Src IP>
Please let me know of any issues along with the kernel version , Squid
version, iptables rules and your test setup.
On 12/10/2007, zulkarnain <sizulku at yahoo.com> wrote:
> > On 10/10/2007, Arun S <hi2arun at gmail.com> wrote:
> > Hi Bazsi,
> >
> > Sometimes it is required to SNAT HTTP traffic that is not possible
> > with Cttproxy-v2.0.6; since double NAT is not possible.
> >
> > Here is a patch attached to solve that issue.
> >
> > This patch helps to perform SNAT in POSTROUTING chain of TPROXY table
> > as well as in POSTROUTING chain of NAT table.
> >
> > Can you please validate this patch let me know your concerns.
>
> Hi Arun,
>
> I'm having problem to perform dual NAT using your patch. Would you please be more detail and give some example how to use it? Thanks!
>
> Regards,
> Zul
>
>
>
> ____________________________________________________________________________________
> Boardwalk for $500? In 2007? Ha! Play Monopoly Here and Now (it's updated for today's economy) at Yahoo! Games.
> http://get.games.yahoo.com/proddesc?gamekey=monopolyherenow
>
--
Regards,
Arun S.
More information about the tproxy
mailing list