18 Sep
2007
18 Sep
'07
2:22 p.m.
On Sep 18 2007 15:05, KOVACS Krisztian wrote:
On k, szept 18, 2007 at 02:59:50 +0200, Jan Engelhardt wrote:
Case 2 to imagine: with squid; can use -j REDIRECT instead of -j TPROXY.
Well, you can, but then you need NAT.
Where do I need NAT? Squid will use setsockopt(IP_FREEBIND/IP_TRANSPARENT) and bind(client_src_addr). Which is why -j TPROXY is so puzzling to me.
REDIRECT needs NAT. And you can't implement "intercepting" traffic without some kind of redirection. So it's required for squid & co.
Right, except that I do not use REDIRECT actually, but let the clients directly (and knowingly) connect to proxy:3128. Whee :)