[tproxy] tproxy in newer 2.6 kernels

Jan Engelhardt jengelh at linux01.gwdg.de
Tue Jul 25 21:44:29 CEST 2006

>> Ah, hm, right.  Note that the code I posted inserts an SNAT rule every
>> single time a connection is made, so it does let you keep your original
>> source address.  (But it needs some app hacking.)
>And AFAIK iptables has trouble updating large tables, so it only works
>for a limited number of rules. And packet processing probably stalls
>while the table is being updated.

iptables is said to be pretty scalable, even with more than 10000 rules. 
Ans since someone probably had run iptables to get all the rules in, they 
must have succeeded. They might have used iptables-restore, which 
does things slightly different to iptables I believe.

Jan Engelhardt

More information about the tproxy mailing list