[tproxy] tproxy in newer 2.6 kernels
Jan Engelhardt
jengelh at linux01.gwdg.de
Sun Jul 23 17:53:13 CEST 2006
>
>> Of course, it's not giving the real IP address, but at least some
>> address that remains the same over time.
>
>Sorry, what do you mean by this?
>
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.1     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.2.1     0.0.0.0         255.255.255.0   U     0      0        0 eth2
0.0.0.0         192.168.1.254   0.0.0.0         UG    0      0        0 eth1

iptables -t nat -A POSTROUTING -i eth2 -o eth1 \
    -j NETMAP --to-dest 192.168.1.0/24

iptables -t nat -A POSTROUTING -s 192.168.1.2 -o eth1 -m owner \
    --uid-owner squid -j SNAT --to-source 192.168.1.2-192.168.1.254

The latter... it does not SNAT to the "real" address (i.e. 192.168.2.123
might get 192.168.1.240 instead of 192.168.1.123), but it suffices.
Jan Engelhardt
--