[tproxy] tproxy 4.0 & zorp 3.0.8
Laszlo Attila Toth
panther at balabit.hu
Fri Aug 10 13:59:51 CEST 2007
On Friday 10 August 2007 13.23.39 Jan Engelhardt wrote:
> On Aug 10 2007 13:21, Ondrej Kraus wrote:
> >Hello,
> >
> >great, proxy works now - but just in normal transparent fashion.
>
> ...which is equivalent to having used REDIRECT instead of TPROXY.
> (Seriously, what is xt_TPROXY good for?)
>
No, not at all. If you use REDIRECT, you must add at least one rule per
listening port to accept connections but with the TProxy patch one rule is
enough in the INPUT chain. The TRPOXY target marks the packet and the tproxy
match accepts marked packets no matter what the original and the new
destination port is. It can be simoultaneously used with the MARK target of
the mangle table.
--
Regards,
Laszlo Attila Toth
More information about the tproxy
mailing list