[tproxy] The future of tproxy
Jan Engelhardt
jengelh at linux01.gwdg.de
Sat May 26 22:45:19 CEST 2007
On May 26 2007 22:32, Igmar Palsenberg wrote:
>> > We definitely want to move away from NAT, and we don't plan to migrate
>> > towards network channels. (at least for now).
>>
>> But how is one supposed to fake addresses then?
>
> By bind()'ing to the remote address, like the way it was done in the Linux 2.2
> days.
Yeah but you'd still need a local table that lists tproxied sockets, so
that for an arbitrary incoming packet it can be decided whether it is
to go through the INPUT or FORWARD chain (and subsequently, destination
program/host).
Jan
--
More information about the tproxy
mailing list