On Mon, May 05, 2003 at 09:20:51AM -0700, Dileep Kumar wrote:
> Bazsi,
>
> Let's say, I want to use TPROXY to build a proxy that will protect all the clients accessing the Internet, assume INTERNET_GROUP is a set of subnets representing Internet.
>
> The following entry will intercept all the connections going to Internet:
>
>     iptables -t tproxy -A PREROUTING -dest INTERNET_GROUP -j TPROXY --on-port 80
>
> 1) Is there any way I can only intercept HTTP connections?
yes, match the destination port as well, e.g.

    iptables -t tproxy -A PREROUTING -p tcp -d INTERNET_GROUP --dport 80 -j TPROXY --on-port 80

we are usually using a separate port number for proxy listeners.
> 2) Once I intercept a connection, how do I retrieve the foreign address? Is there any TPROXY option to retrieve the foreign address/port?
yes, the same as you would do with REDIRECT, SO_GETORIGDST, you can find many examples on the net.

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
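The SO_GETORIGDST Bazsi refers to is the SO_ORIGINAL_DST getsockopt from <linux/netfilter_ipv4.h>. As an added example (not code from this thread), here is how a proxy listener decodes the original destination of a diverted connection in Python, including the case where the client reached the proxy port directly and no redirect information exists; the option value and the sample sockaddr bytes are stated and constructed here, not taken from the thread.

```python
import socket
import struct

# SO_ORIGINAL_DST comes from <linux/netfilter_ipv4.h>; Python's socket module
# does not export it, so its value (80) is spelled out here.
SO_ORIGINAL_DST = 80
SOCKADDR_IN_LEN = 16


def parse_sockaddr_in(raw):
    """Decode a struct sockaddr_in (as returned by SO_ORIGINAL_DST) into (ip, port).

    sin_family is in host byte order, sin_port and sin_addr are in network byte
    order, and the trailing 8 bytes are padding.
    """
    if len(raw) < 8:
        raise ValueError("sockaddr_in too short: %d bytes" % len(raw))
    family = struct.unpack_from("=H", raw, 0)[0]
    if family != socket.AF_INET:
        raise ValueError("not an AF_INET address (family %d)" % family)
    port = struct.unpack_from("!H", raw, 2)[0]
    ip = socket.inet_ntoa(raw[4:8])
    return ip, port


def original_destination(conn):
    """Return (ip, port) the client actually dialled for a connection that a
    TPROXY/REDIRECT rule handed to this proxy listener.

    If the socket was not redirected (the client connected to the proxy port
    directly), the kernel has no conntrack entry to answer from and getsockopt
    fails; the caller gets None and should refuse rather than guess a target.
    """
    try:
        raw = conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, SOCKADDR_IN_LEN)
    except OSError:
        return None
    return parse_sockaddr_in(raw)


# Constructed sample: what the kernel would return for a client that dialled
# 203.0.113.10:80 before the rule diverted it to the proxy (not a real capture).
SAMPLE_SOCKADDR = (struct.pack("=H", socket.AF_INET)
                   + struct.pack("!H", 80)
                   + socket.inet_aton("203.0.113.10")
                   + b"\x00" * 8)

if __name__ == "__main__":
    print(parse_sockaddr_in(SAMPLE_SOCKADDR))
```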