[tproxy] Tproxy on bridge interface
Daniel
tooldcas at 163.com
Thu Dec 20 07:25:55 CET 2007
>
>Cameron Schaus wrote :-
>
>>
>> >I think you're not the only one interested in these changes.
>> >
>> >Cam, could you post your patch implementing the necessary changes to make
>> >bridged tproxy work?
>> >
>> >
>> Sure. I'll post them soon. I have to find the code I wrote. I wasn't
>> able to use tproxy4 due to some other issues I wasn't able to solve, so
>> I'm not sure where the code went.
>
>Any luck on this item ?

I built a tproxy on a bridge interface with tproxy-4.1.0, and it works fine.
All I need to do is to add the two ebtables broute rules below:

    ebtables -t broute -A BROUTING -i $ETHIN \
        -p ipv4 --ip-proto $TCP_PROTO --ip-dport $HTTP_PORT -j DROP
    ebtables -t broute -A BROUTING -i $ETHOUT \
        -p ipv4 --ip-proto $TCP_PROTO --ip-sport $HTTP_PORT -j DROP

ebtables will force the packets I specify to be routed instead of being bridged,
then the packets will be routed to the loopback interface. (Without the two rules,
packets will be forwarded, ignoring any route rules.)

But I have not done the same thing with tproxy-4.0.4, because these two versions are
totally incompatible. I prefer tproxy-4.1.0 to the old one because it can run in
bridge mode without any extra hacking :-)

Regards
Daniel
2007-12-20
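
An added example, not part of the original post: a shell check that a BROUTING listing contains both DROP rules from the message above, one per direction, before a bridge is assumed to hand the selected traffic to routing. The interface names eth0/eth1, port 80, the function names and both sample listings are constructed assumptions, and the listing layout is assumed to match what `ebtables -t broute -L BROUTING` prints.

```shell
#!/bin/sh
# Added example: audit an `ebtables -t broute -L BROUTING` listing for the two
# DROP rules from the post. eth0/eth1/80 and both listings are constructed.

# has_broute_drop LISTING IFACE sport|dport PORT
# Succeeds if a single rule DROPs IPv4/TCP arriving on IFACE with that port.
has_broute_drop() {
    printf '%s\n' "$1" | awk -v ifc="$2" -v dir="--ip-$3" -v port="$4" '
        {
            i = p = t = d = j = 0
            for (n = 1; n < NF; n++) {
                v = tolower($(n + 1))
                if ($n == "-i" && $(n + 1) == ifc) i = 1
                if ($n == "-p" && (v == "ipv4" || v == "0x800")) p = 1
                if ($n == "--ip-proto" && (v == "tcp" || v == "6")) t = 1
                if ($n == dir && $(n + 1) == port) d = 1
                if ($n == "-j" && $(n + 1) == "DROP") j = 1
            }
            if (i && p && t && d && j) found = 1
        }
        END { exit !found }'
}

# audit_bridge_divert LISTING ETHIN ETHOUT PORT
# Reports which direction, if any, is still bridged rather than routed.
audit_bridge_divert() {
    missing=""
    has_broute_drop "$1" "$2" dport "$4" || missing="$missing client->server($2,dport=$4)"
    has_broute_drop "$1" "$3" sport "$4" || missing="$missing server->client($3,sport=$4)"
    if [ -n "$missing" ]; then
        echo "still bridged:$missing"
        return 1
    fi
    echo "both directions diverted to routing"
}

# Constructed listing with both rules from the post in place.
SAMPLE_OK='Bridge chain: BROUTING, entries: 2, policy: ACCEPT
-p IPv4 -i eth0 --ip-proto tcp --ip-dport 80 -j DROP
-p IPv4 -i eth1 --ip-proto tcp --ip-sport 80 -j DROP'

# Constructed listing where the return-path rule names the wrong port.
SAMPLE_HALF='Bridge chain: BROUTING, entries: 2, policy: ACCEPT
-p IPv4 -i eth0 --ip-proto tcp --ip-dport 80 -j DROP
-p IPv4 -i eth1 --ip-proto tcp --ip-sport 8080 -j DROP'

audit_bridge_divert "$SAMPLE_OK" eth0 eth1 80
audit_bridge_divert "$SAMPLE_HALF" eth0 eth1 80 || true
```

On a live bridge the first argument would be the output of `ebtables -t broute -L BROUTING`, run as root.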