[tproxy] tproxy4 future

KOVACS Krisztian hidden at sch.bme.hu
Tue Sep 18 15:05:00 CEST 2007


Hi,

On k, szept 18, 2007 at 02:59:50 +0200, Jan Engelhardt wrote:
> >> Case 2 to imagine: with squid; can use -j REDIRECT instead of -j TPROXY.
> >
> >Well, you can, but then you need NAT.
> 
> Where do I need NAT? Squid will use setsockopt(IP_FREEBIND/IP_TRANSPARENT)
> and bind(client_src_addr). Which is why -j TPROXY is so puzzling to me.

REDIRECT needs NAT. And you can't implement "intercepting" traffic without
some kind of redirection. So it's required for squid & co.

-- 
KOVACS Krisztian


More information about the tproxy mailing list