[tproxy] tproxy in newer 2.6 kernels
Jan Engelhardt
jengelh at linux01.gwdg.de
Tue Jul 25 21:44:29 CEST 2006
>>
>> Ah, hm, right. Note that the code I posted inserts an SNAT rule every
>> single time a connection is made, so it does let you keep your original
>> source address. (But it needs some app hacking.)
>
>And AFAIK iptables has trouble updating large tables, so it only works
>for a limited number of rules. And packet processing probably stalls
>while the table is being updated.
iptables is said to be pretty scalable, even with more than 10000 rules.
And since someone probably had run iptables to get all the rules in, they
must have succeeded. They might have used iptables-restore, which
does things slightly differently to iptables I believe.
Jan Engelhardt
--