[tproxy] tproxy in newer 2.6 kernels
Lennert Buytenhek
buytenh at wantstofly.org
Tue Jul 11 11:52:56 CEST 2006
On Tue, Jul 11, 2006 at 11:41:14AM +0200, Jan Engelhardt wrote:
> > REDIRECT functionality does work upstream, but TCP source address
> > spoofing can only be achieved with iptables SNAT.
>
> SNAT in -t nat -A OUTPUT does not seem to work AFAICR, so you need at
> least two boxes to implement the SNAT, right?
We do it in POSTROUTING and that seems to work fine?
cheers,
Lennert
More information about the tproxy
mailing list