[tproxy] Tproxy on bridge interface

Ming-Ching Tiew mingching.tiew at redtone.com
Thu Dec 20 21:29:34 CET 2007


Daniel wrote:
> I built a tproxy upon bridge interface with tproxy-4.1.0, and it works fine.
>   

Where is the tproxy-4.1.0 download URL?

> All I need to do is to add two ebtables broute rules below:
>
> 		ebtables -t broute -A BROUTING -i $ETHIN \
> 			-p ipv4 --ip-proto $TCP_PROTO --ip-dport $HTTP_PORT -j DROP
> 		ebtables -t broute -A BROUTING -i $ETHOUT \
> 			-p ipv4 --ip-proto $TCP_PROTO --ip-sport $HTTP_PORT -j DROP
>
>   

I am aware of this. This one is equally applicable to tproxy-4.0.3.

For tproxy-4.0.3 (not sure if it's applicable to tproxy-4.1.0), if
$ETHIN and $ETHOUT have no IP address (i.e. only the br interface
has been assigned an IP), it will cause a kernel panic due to accessing
a null pointer.

Not sure if that's fixed in tproxy-4.1.0.

> ebtables will force the packets I specify to be routed instead of being bridged,
> then the packets will be routed to the loopback interface.  (Without the two rules,
> packets will be forwarded, ignoring any route rules)
>
> But I have not done the same thing with tproxy-4.0.4, because these two versions are
> totally incompatible. I prefer tproxy-4.1.0 to the old one because it can run in
> bridge mode without any extra hacking :-)
>
>   

Where is the tproxy-4.0.4 download URL? :-)

Cheers


