[tproxy] MAC and VLAN transparency
Balazs Scheidler
bazsi at balabit.hu
Mon Jul 16 14:14:36 CEST 2007
On Sun, 2007-07-15 at 18:01 +0200, Jan Engelhardt wrote:
> On Jul 15 2007 17:38, Balazs Scheidler wrote:
> >On Wed, 2007-07-11 at 14:58 -0600, Cameron Schaus wrote:
> >> I am using tproxy to do source IP address transparency on our proxy,
> >> and it is working well. I would like to extend the functionality of
> >> tproxy to provide source MAC address and VLAN transparency as well.
> >> The proxy in question runs as a transparent bridge, so I think that I
> >> have to integrate the tproxy framework with ebtables, but I'm not 100%
> >> sure how to go about that.
>
> ebtables -t nat -A POSTROUTING -m <some_condition>
> -j snat --to-source <orig_mac>
>
> Simple :)
> (you'd still need arpreply, and something like connmark, so that you can
> properly figure out orig_mac). This is not so much of a tproxy job IMO.
Yes, but you don't know 'orig_mac', it depends on the incoming
connection.
For example, you have two clients, each going through a tproxy based
proxy. On the outgoing side, each would need to have its original MAC
address, and without having to establish a rule for each client.
--
Bazsi