[tproxy] TPROXY USAGE
Balazs Scheidler
bazsi@balabit.hu
Thu, 8 May 2003 17:21:00 +0200
On Mon, May 05, 2003 at 09:20:51AM -0700, Dileep Kumar wrote:
> Bazsi,
>
> Let's say, I want to use TPROXY to build a proxy that will protect all the
> clients accessing the Internet, assume INTERNET_GROUP is a set of subnets
> representing Internet.
>
> The following entry will intercept all the connections going to Internet
> iptables -t tproxy -A PREROUTING -d INTERNET_GROUP -j TPROXY --on-port 80
>
> 1) Is there any way I can only intercept HTTP connections?
Yes, match the destination port as well, e.g.
iptables -t tproxy -A PREROUTING -p tcp -d INTERNET_GROUP --dport 80 -j TPROXY --on-port 80
We usually use a separate port number for proxy listeners.
>
> 2) Once I intercept a connection, how do I retrieve the foreign address? Is
> there any TPROXY option to retrieve the foreign address/port?
Yes, the same as you would do with REDIRECT: SO_GETORIGDST. You can find
many examples on the net.
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
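
The lookup described in the reply, as an added example that is not part of the original message or of the tproxy code: the proxy asks netfilter for the pre-interception destination of an accepted socket, using the option that <linux/netfilter_ipv4.h> defines as SO_ORIGINAL_DST. The function names, the fallback to getsockname() and the sample address 192.0.2.10:80 are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Value from <linux/netfilter_ipv4.h>; repeated so the file builds alone. */
#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80
#endif

/* Fill *dst with the address the client originally connected to.
 * Returns 1 if netfilter supplied it, 0 if there was no NAT entry and the
 * socket's own local address was used (assumed policy: the client reached
 * the proxy directly, so do not connect upstream to it or the proxy loops),
 * -1 on error. */
int original_dst(int fd, struct sockaddr_in *dst)
{
    socklen_t len = sizeof *dst;
    memset(dst, 0, sizeof *dst);
    if (getsockopt(fd, IPPROTO_IP, SO_ORIGINAL_DST, dst, &len) == 0)
        return 1;
    len = sizeof *dst;
    if (getsockname(fd, (struct sockaddr *)dst, &len) == 0 &&
        dst->sin_family == AF_INET)
        return 0;
    return -1;
}

/* Render "a.b.c.d:port" for logging or for the upstream connect(). */
int format_dst(const struct sockaddr_in *dst, char *buf, size_t buflen)
{
    char ip[INET_ADDRSTRLEN];
    if (!inet_ntop(AF_INET, &dst->sin_addr, ip, sizeof ip))
        return -1;
    int n = snprintf(buf, buflen, "%s:%u", ip, (unsigned)ntohs(dst->sin_port));
    return (n > 0 && (size_t)n < buflen) ? 0 : -1;
}

/* Constructed sample: the address a client was heading to before interception. */
struct sockaddr_in sample_dst(void)
{
    struct sockaddr_in s;
    memset(&s, 0, sizeof s);
    s.sin_family = AF_INET;
    s.sin_port = htons(80);
    inet_pton(AF_INET, "192.0.2.10", &s.sin_addr);
    return s;
}
```

In a proxy, call original_dst() on each descriptor returned by accept() and log the formatted result alongside the client address from getpeername().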