[tproxy] tproxy4 future
KOVACS Krisztian
hidden at sch.bme.hu
Tue Sep 18 15:05:00 CEST 2007
Hi,
On k, szept 18, 2007 at 02:59:50 +0200, Jan Engelhardt wrote:
> >> Case 2 to imagine: with squid; can use -j REDIRECT instead of -j TPROXY.
> >
> >Well, you can, but then you need NAT.
>
> Where do I need NAT? Squid will use setsockopt(IP_FREEBIND/IP_TRANSPARENT)
> and bind(client_src_addr). Which is why -j TPROXY is so puzzling to me.
REDIRECT needs NAT. And you can't implement "intercepting" traffic without
some kind of redirection. So it's required for squid & co.
--
KOVACS Krisztian
More information about the tproxy
mailing list