2009/7/5 John Lauro <john.lauro@covenanteyes.com>:
Most of the examples I found are for more specific cases, such as for use with squid on just port 80. I am not certain I understand fully the interaction between the rules for iptables and the interaction with tproxy. Is there someplace this is all documented, along with all the details from a programmer perspective such as the use of setsockopt? (I think I just need updated man pages?)
I've been looking to put some better documentation together for what Lusca does for TPROXY4 (I'm guessing you're talking about that and not TPROXY2.) In any case, the process is somewhat like this:

* iptables/routing table setup - http://wiki.squid-cache.org/Features/Tproxy4
* create listen socket
* setsockopt to make it transparent
* bind() to 0.0.0.0, relevant port that you've redirected traffic to
* listen() as usual

Then, you accept() as usual, use getsockname() to determine the original destination.

Then for the outbound socket:

* create socket
* setsockopt to make it transparent
* bind() to relevant IP (and port, or leave it 0 to let the stack choose a port IIRC)
* connect() as usual

I haven't yet really looked into the TPROXY4 kernel implementation to know precisely what is going on. I can't find some clear, concise documentation either explaining the "how" or "why" behind the iptables rules and why packets need to be punted via the loopback interface.

HTH,
Adrian
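The socket sequence Adrian outlines, written out as an added C example that is not from the thread and not Lusca's or Squid's code. Function names are my own; it assumes Linux with IP_TRANSPARENT available and CAP_NET_ADMIN at run time (the iptables/routing setup from the wiki page is still required separately).

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>

/* close() but keep the errno of the failure that led here; always returns -1. */
static int fail_close(int fd) { int e = errno; close(fd); errno = e; return -1; }

/* IPv4 sockaddr from dotted-quad text and host-order port; -1 if ip is invalid. */
int fill_addr(struct sockaddr_in *sa, const char *ip, unsigned short port)
{
    *sa = (struct sockaddr_in){ .sin_family = AF_INET, .sin_port = htons(port) };
    return inet_pton(AF_INET, ip, &sa->sin_addr) == 1 ? 0 : -1;
}
/* Shared by both sides: socket(), setsockopt(IP_TRANSPARENT), bind(). The option
 * needs CAP_NET_ADMIN (EPERM otherwise) and lets bind() take a non-local address. */
int transparent_bound_socket(const struct sockaddr_in *local)
{
    int one = 1, fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &one, sizeof one) < 0 ||
        bind(fd, (const struct sockaddr *)local, sizeof *local) < 0)
        return fail_close(fd);
    return fd;
}
/* Listener: 0.0.0.0 on the port the iptables rules redirect to, then listen(). */
int open_transparent_listener(unsigned short port)
{
    struct sockaddr_in any;
    fill_addr(&any, "0.0.0.0", port);
    int fd = transparent_bound_socket(&any);
    return (fd >= 0 && listen(fd, 128) < 0) ? fail_close(fd) : fd;
}
/* accept() as usual; getsockname() on the accepted socket then reports the
 * destination the client actually dialled, not the proxy's own address. */
int accept_original_dst(int lfd, struct sockaddr_in *client, struct sockaddr_in *orig)
{
    socklen_t clen = sizeof *client, olen = sizeof *orig;
    int cfd = accept(lfd, (struct sockaddr *)client, &clen);
    if (cfd < 0) return -1;
    return getsockname(cfd, (struct sockaddr *)orig, &olen) < 0 ? fail_close(cfd) : cfd;
}
/* Outbound: bind to the client's IP with port 0 (stack chooses), connect() as usual. */
int connect_as_client(struct sockaddr_in client, const struct sockaddr_in *dst)
{
    client.sin_port = 0;
    int fd = transparent_bound_socket(&client);
    return (fd >= 0 && connect(fd, (const struct sockaddr *)dst, sizeof *dst) < 0) ? fail_close(fd) : fd;
}
```

Without CAP_NET_ADMIN every path fails at the setsockopt with errno EPERM, which is the first thing to check when the listener never sees redirected traffic.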