Hi all,

I am Bryan Liang, a newbie to TPROXY. I am using TPROXY 2.0.6 with kernel 2.6.20.21. It works fine in router mode.

I am going to run TPROXY in bridge mode. Here is my linux box setting.

eth0: local admin port, IP address: 192.168.43.130, netmask 255.255.255.0, default gw 192.168.43.1
eth1 and eth2 belong to br0 (bridge device)
br0: IP address: 0.0.0.0

This means I can use eth0 as admin port to manage my linux box. And I do not assign IP address to bridge interface.

My problem is, does TPROXY work on a bridge without IP address?

Thank you in advance. :)

Thanks,
-Bryan

Hello,

Liang Bin wrote:
> Hi all,
>
> I am Bryan Liang, a newbie to TPROXY. I am using TPROXY 2.0.6 with kernel 2.6.20.21. It works fine in router mode.
>
> I am going to run TPROXY in bridge mode. Here is my linux box setting.
>
> eth0: local admin port, IP address: 192.168.43.130, netmask 255.255.255.0, default gw 192.168.43.1
> eth1 and eth2 belong to br0 (bridge device)
> br0: IP address: 0.0.0.0
>
> This means I can use eth0 as admin port to manage my linux box. And I do not assign IP address to bridge interface.
>
> My problem is, does TPROXY work on a bridge without IP address?

No, it doesn't work without an IP address because tproxy2 uses nat rules which require an IP address on the bridge interface too.

If another host connects to a proxy application, the proxy gets the incoming packets but it has to respond with others. The latter packets cannot be routed without that IP address.

- Panther

> No, it doesn't work without an IP address because tproxy2 uses nat rules
> which require an IP address on the bridge interface too.
>
> If another host connects to a proxy application, the proxy gets the
> incoming packets but it has to respond with others. The latter packets
> cannot be routed without that IP address.
> -
> Panther

Thanks Panther. Are there any plans to let TPROXY work in this request?

Because in some environment, IP address can not be assigned on the bridge. If we need to put the linux box at the front of internet gateway, there will be no IP address assigned.

--
Thanks,
-Bryan

Hello,

Bryan Liang wrote:
> > No, it doesn't work without an IP address because tproxy2 uses nat rules
> > which require an IP address on the bridge interface too.
> >
> > If another host connects to a proxy application, the proxy gets the
> > incoming packets but it has to respond with others. The latter packets
> > cannot be routed without that IP address.
> > -
> > Panther
>
> Thanks Panther. Are there any plans to let TPROXY work in this request?

As I mentioned above: it won't work, because the outgoing packets (from a proxy application) must be routed before reaching the real network. I don't know another solution. Also the

> Because in some environment, IP address can not be assigned on the bridge. If we need to put the linux box at the front of internet gateway, there will be no IP address assigned.

But it may have one. AFAIK the only reasonable environment for a bridge without IP address is where the linux box is used for traffic spoofing (especially intrusion detections). This is not necessary for transparent proxying.

--
Panther

participants (3): Bryan Liang, Laszlo Attila Toth, Liang Bin