Daniel wrote:
I built a tproxy on a bridge interface with tproxy-4.1.0, and it works fine.
Where is the tproxy-4.1.0 download URL?
All I need to do is to add two ebtables broute rules below:
ebtables -t broute -A BROUTING -i $ETHIN \
    -p ipv4 --ip-proto $TCP_PROTO --ip-dport $HTTP_PORT -j DROP
ebtables -t broute -A BROUTING -i $ETHOUT \
    -p ipv4 --ip-proto $TCP_PROTO --ip-sport $HTTP_PORT -j DROP
I am aware of this. This one is equally applicable to tproxy-4.0.3. For tproxy-4.0.3 (not sure if it's applicable to tproxy-4.1.0), if $ETHIN and $ETHOUT have no IP address (i.e. only the br interface has been assigned an IP), it will cause a kernel panic due to accessing a null pointer. Not sure if that's fixed in tproxy-4.1.0.
ebtables will force the packets I specify to be routed instead of being bridged, then the packets will be routed to the loopback interface. (Without the two rules, packets will be forwarded, ignoring any route rules.)
But I have not done the same thing with tproxy-4.0.4, because these two versions are totally incompatible. I prefer tproxy-4.1.0 to the old one because it can run in bridge mode without any extra hacking :-)
Where is the tproxy-4.0.4 download URL? :-) Cheers