How does 'dev lo' in tproxy routing rule really work?
I want to understand the tproxy rules that have been kindly written for us in http://www.balabit.com/downloads/files/tproxy/README.txt. I understand every aspect of those rules, iptables and iproute2, except this one small highlighted bit in the last rule.

ip route add local 0.0.0.0/0 *dev lo* table 100

# ip route show table 100
local default dev lo scope host

So packets with fwmark 1 get selected for this routing table, which assumes that all destinations are assigned to this host and hence delivers the packets locally. But the output device is set to 'lo', which is the local loopback device. However even if the proxy is not listening on the IP of lo (say it only has the socket for eth0 and the packet came in on eth0), it still receives the packet. So is the 'lo' here just a way to indicate local delivery to the associated physical interface and does not really represent the actual output interface? Can someone please shed some light on this that is more than a simple yes/no answer?

Thank you,
- Ashwani
On Wed, 2009-12-02 at 18:51 -0800, Ashwani Wason wrote:
I want to understand the tproxy rules that have been kindly written for us in http://www.balabit.com/downloads/files/tproxy/README.txt. I understand every aspect of those rules, iptables and iproute2, except this one small highlighted bit in the last rule.
ip route add local 0.0.0.0/0 *dev lo* table 100
# ip route show table 100
local default dev lo scope host
So packets with fwmark 1 get selected for this routing table, which assumes that all destinations are assigned to this host and hence delivers the packets locally. But the output device is set to 'lo', which is the local loopback device. However even if the proxy is not listening on the IP of lo (say it only has the socket for eth0 and the packet came in on eth0), it still receives the packet. So is the 'lo' here just a way to indicate local delivery to the associated physical interface and does not really represent the actual output interface? Can someone please shed some light on this that is more than a simple yes/no answer?
All local traffic is in fact using the "lo" device, so if you are pinging one of your local IP addresses, you can confirm via tcpdump that they indeed are on the "lo" device and not on the ethernet where the IP is assigned. Routing rules must have an interface assigned to them and it doesn't really matter which one it is, the trick is in the "local" specifier in the rule, that directs the kernel to route packets to the local IP stack. -- Bazsi
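As an added example (my own script, not code from the balabit README or from either poster), the two policy-routing commands from the thread wrapped with a check that reads the iproute2 listings back and confirms the catch-all "local" route and the fwmark rule are in place. It assumes fwmark 1 and table 100, the values used in the thread; the function and variable names and the sample listings are mine and constructed.

```sh
#!/bin/sh
# Added example (not from the balabit README or the thread): apply the two
# policy-routing commands discussed above and verify them from the listings.
# Assumptions: fwmark 1 and table 100 as in the thread; names are mine.

MARK=1
TABLE=100

# Apply the rules from the thread (needs root; real iproute2 syntax).
tproxy_apply() {
    ip rule add fwmark "$MARK" lookup "$TABLE"
    ip route add local 0.0.0.0/0 dev lo table "$TABLE"
}

# Read an `ip route show table N` listing on stdin; succeed if it carries the
# catch-all "local" route. iproute2 prints 0.0.0.0/0 as "default"; it is the
# "local" route type, not "dev lo", that hands the packet to the local stack.
tproxy_route_ok() {
    grep -Eq '^local (default|0\.0\.0\.0/0) dev lo( scope host)?'
}

# Read an `ip rule show` listing on stdin; succeed if marked packets are
# steered to the table. iproute2 prints the mark in hex ("fwmark 0x1").
tproxy_rule_ok() {
    grep -Eq "from all fwmark $(printf '0x%x' "$MARK")(/0x[0-9a-f]+)? lookup ${TABLE}(\$| )"
}

# Check the live system ("show" needs no root, only iproute2 in PATH).
tproxy_verify() {
    ip route show table "$TABLE" | tproxy_route_ok ||
        { echo "table $TABLE lacks 'local default dev lo'" >&2; return 1; }
    ip rule show | tproxy_rule_ok ||
        { echo "no 'fwmark $MARK lookup $TABLE' rule" >&2; return 1; }
    echo "tproxy policy routing in place"
}

# Constructed sample listings so the checks can be exercised without root.
SAMPLE_TABLE_100='local default dev lo scope host'
SAMPLE_RULES='0:      from all lookup local
32765:  from all fwmark 0x1 lookup 100
32766:  from all lookup main
32767:  from all lookup default'
SAMPLE_MAIN='default via 192.0.2.1 dev eth0
192.0.2.0/24 dev eth0  proto kernel  scope link  src 192.0.2.10'

# Run the checks against the constructed samples; returns 0 on success.
tproxy_selftest() {
    printf '%s\n' "$SAMPLE_TABLE_100" | tproxy_route_ok || return 1
    printf '%s\n' "$SAMPLE_RULES" | tproxy_rule_ok || return 1
    # an ordinary unicast default route must not pass as the local one
    if printf '%s\n' "$SAMPLE_MAIN" | tproxy_route_ok; then return 1; fi
    echo "selftest passed"
}

case "${1:-}" in
    --apply)    tproxy_apply ;;
    --verify)   tproxy_verify ;;
    --selftest) tproxy_selftest ;;
esac
```

Run it with `--selftest` to exercise the checks on the embedded samples, `--apply` as root to install the rules, and `--verify` afterwards. To see the point made above about local traffic, run `tcpdump -ni lo` while pinging one of the host's own addresses: the packets show up on lo, not on the interface that carries the address.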