Hi,
TProxy tarballs for 2.6.10 and 2.4.29 are available for download on
the usual page:
http://www.balabit.com/downloads/tproxy/
There were no significant changes in TProxy itself, but changes in the
Netfilter code supplied with these kernels made older TProxy tarballs
incompatible with these versions of the Linux kernel. Please note that
the vanilla 2.6.10 release contains a serious bug in the TCP connection
tracking code, so if you plan to use that on production systems make
sure that the appropriate patch[1] is applied. I've also updated the
window tracking code for Linux 2.4 included in the 2.4 tarball for
TProxy, this fixes a couple of problems found after the inclusion of the
code in Linux 2.6.9.
As always, 04-nat_delete.diff is completely optional, please do not
apply that patch unless you _really_ know what you're doing.
MD5 checksums of the two tarballs:
MD5: 2c9e4da79488794cc046357e34282c47 cttproxy-2.4.29-2.0.0.tar.gz
MD5: 67f2806136549972c19258ffc7fb7a08 cttproxy-2.6.10-2.0.0.tar.gz
[1]:
https://lists.netfilter.org/pipermail/netfilter-devel/2004-December/017908.…
--
Regards,
Krisztian Kovacs
Dear all,
I test the performance of TPROXY (cttproxy-2.4.20-14)
on a dual XEON, Giga-bit machine. The environment
setting is:
Client <-------> Proxy <---------> Server
#1: With TPROXY, fully transparent (both to client and
to server)
#2: Without TPROXY, no transparency, client connects
to proxy directly.
#3: With iptables built-in REDIRECT, Half transparent
(to client only)
#4: With TPROXY, Half transparent (to client only)
The results are:
#1: 184 Mbits/s
#2: 671 Mbits/s
#3: 554 Mbits/s
#4: 551 Mbits/s
From #2 and #4, the overhead of one NAT is 120
Mbits/s.
#1 (fully transparency) is too bad....It should be
around 430 Mbits (671 - 120 * 2 since two NATs )
Does anyone know why the performance drops so
drastically when using fully-transparency???
Thanks,
Eric Li
__________________________________
Do you Yahoo!?
Yahoo! Mail - 250MB free storage. Do more. Manage less.
http://info.mail.yahoo.com/mail_250