[tproxy] Tproxy_on_bridge_interface
Daniel
tooldcas at 163.com
Thu Dec 20 07:37:43 CET 2007
>>
>>Any luck on this item ?
>
>I built a tproxy upon bridge interface with tproxy-4.1.0, and it works fine.
>All I need to do is to add two ebtables broute rules below:
>
> ebtables -t broute -A BROUTING -i $ETHIN \
> -p ipv4 --ip-proto $TCP_PROTO --ip-dport $HTTP_PORT -j DROP
> ebtables -t broute -A BROUTING -i $ETHOUT \
> -p ipv4 --ip-proto $TCP_PROTO --ip-sport $HTTP_PORT -j DROP
Sorry, I made a mistake here.
People should use ebtables redirect target instead of '-j DROP'. otherwise
after brouted, packets which passed rules still are type PACKET_OTHERHOST,
then they will be dropped by ip_rcv immediately.
I actually hacked bridge code to set all brouted packet to type PACKET_HOST
because I didn't want to break my IP-MAC binding policy.
>
>ebtables will force packets I specify being routed instead of being bridged,
>then packets will be routed to loopback interface. (Without the two rules,
>packets will be forwarded, ignoring any route rules)
>
Regards
Daniel
2007-12-20
More information about the tproxy
mailing list