[tproxy] MAC and VLAN transparency

Balazs Scheidler bazsi at balabit.hu
Mon Jul 16 14:14:36 CEST 2007

On Sun, 2007-07-15 at 18:01 +0200, Jan Engelhardt wrote:
> On Jul 15 2007 17:38, Balazs Scheidler wrote:
> >On Wed, 2007-07-11 at 14:58 -0600, Cameron Schaus wrote:
> >> I am using tproxy to do source IP address transparency on our proxy,
> >> and it is working well.  I would like to extend the functionality of
> >> tproxy to provide source MAC address and VLAN transparency as well.
> >> The proxy in question runs as a transparent bridge, so I think that I
> >> have to integrate the tproxy framework with ebtables, but I'm not 100%
> >> sure how to go about that.
> ebtables -t nat -A POSTROUTING -m <some_condition>
> 	-j snat --to-source <orig_mac>
> Simple :)
> (you'd still need arpreply, and something like connmark, so that you can
> properly can figure out orig_mac). This is not so much of a tproxy job IMO.

Yes, but you don't know 'orig_mac', it depends on the incoming

For example, you have two clients, each going through a tproxy based
proxy. On the outgoing side, each would need to have its original MAC
address, and without having to establish a rule for each client.


More information about the tproxy mailing list