Hello, thanks for this FAQ. Some additional comments:

Ming-Ching Tiew wrote:
1. There are at least 3 different versions of tproxy kernel patches.
Each tproxy kernel patch is quite strongly tied to a kernel version,
tproxy2 - kernel 2.6.18 - don't know where it is now, google for it.
The url is: http://www.balabit.hu/downloads/files/tproxy/obsolete/
tproxy-4.0.x - kernel 2.6.22 - balabit website
http://www.balabit.hu/downloads/files/tproxy/
tproxy-4.1.0 - kernel 2.6.25 - netfilter website or balabit website
AFAIK the "official website" is for kernel <=2.6.24 http://people.netfilter.org/hidden/tproxy but the actual version of tproxy 4.1 for 2.6.25 is here: http://people.balabit.hu/panther/tproxy
The kernel patch might work with nearby kernel versions, for example, tproxy2 might work with kernel 2.6.19; however it will not work with kernel 2.6.22 (unless you port it).
3. All the tproxy kernel patches are not compatible with one another. Each requires its own way of setup and usage. So before doing anything, check if you have gotten the correct info/tproxy version/patches.
These are some of the info :-
tproxy2 - Requires additional patch to get SNAT working. Doesn't seem to have a problem with bridge.
tproxy4.0.x - Requires additional patches for SNAT and FWMARK. Some hurdles with bridge.
tproxy4.1.0 - Still in the cooking. Some hurdles with bridge.
Currently the latter version is under testing in bridge environment (when I have enough time for it), but I have no idea yet why it is not working.

-- Panther