Jeffrey 'jf' Lim wrote:
On Tue, Jun 24, 2008 at 2:51 PM, Laszlo Attila Toth <panther@balabit.hu> wrote:
Jeffrey 'jf' Lim wrote:
just curious, but is there like some kind of a version number for tproxy? Saw a "tproxy-4.0" directory under "legacy" in downloads (http://www.balabit.com/downloads/files/tproxy/obsolete/), but no mention of anything on the main page, nor readme, nor the files in the patch (well, not exactly but.. unless it's "1.5.2.5"?)
TProxy 4.0 became available in July 2007, and now its newer version is in the http://www.balabit.com/downloads/files/tproxy directory. This version doesn't have a tproxy table; both the target (TPROXY) and the match (socket) are used in the mangle table.
Current version is 4.1, but sometimes it is also called simply tproxy4.
I don't mention the older (obsolete) versions anywhere because they are still available if someone wants to use them, but they are not maintained (except TProxy 4.0, as a part of our product's kernel).
ok, thanks. One question - iptables is really for user-level (as in, "a command-line tool") stuff, right? so if all we need is the tproxy functionality, do we really need to bother with patching and compiling iptables?
Iptables is required for the transparent proxying setup. For instance, the rule redirects via the TPROXY target the packets with destination port to the local host's port 50080:

    iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --on-port 50080 --tproxy-mark 1/1

After that, squid has to indicate that it accepts packets redirected this way. It happens via the IP_TRANSPARENT socket option. This is why the --enable-linux-netfilter configure option is required for squid.

-- Panther
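
The proxy-side half of the setup described in the last reply, as an added example (not code from squid or from the TPROXY patches): a listener that sets IP_TRANSPARENT before bind() so it can accept connections steered to it by the TPROXY rule, and a helper that reads the address the client originally dialled. The function names are hypothetical.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef IP_TRANSPARENT
#define IP_TRANSPARENT 19 /* value from linux/in.h, for older libc headers */
#endif

/* Hypothetical helper: returns a listening fd, or -errno on failure.
 * Setting IP_TRANSPARENT is privileged, so an unprivileged caller gets
 * -EPERM; handle that instead of silently listening without the option. */
int tproxy_listener(unsigned short port)
{
    int one = 1;
    struct sockaddr_in addr;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -errno;
    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_ANY);
    addr.sin_port = htons(port); /* 50080 to match --on-port in the rule */
    if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)) < 0 ||
        setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &one, sizeof(one)) < 0 ||
        bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0 ||
        listen(fd, 128) < 0) {
        int err = errno;
        close(fd);
        return -err;
    }
    return fd;
}

/* Hypothetical helper: on a connection accepted from a TPROXY listener the
 * local address is the destination the client asked for, not the proxy's. */
int original_destination(int conn_fd, char *buf, size_t len, unsigned short *port)
{
    struct sockaddr_in dst;
    socklen_t dlen = sizeof(dst);
    if (getsockname(conn_fd, (struct sockaddr *)&dst, &dlen) < 0)
        return -errno;
    if (!inet_ntop(AF_INET, &dst.sin_addr, buf, len))
        return -errno;
    *port = ntohs(dst.sin_port);
    return 0;
}
```
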