[tproxy] tproxy4 future
hidden at sch.bme.hu
Tue Sep 18 15:05:00 CEST 2007
On k, szept 18, 2007 at 02:59:50 +0200, Jan Engelhardt wrote:
> >> Case 2 to imagine: with squid; can use -j REDIRECT instead of -j TPROXY.
> >Well, you can, but then you need NAT.
> Where do I need NAT? Squid will use setsockopt(IP_FREEBIND/IP_TRANSPARENT)
> and bind(client_src_addr). Which is why -j TPROXY is so puzzling to me.
REDIRECT needs NAT. And you can't implement "intercepting" traffic without
some kind of redirection. So it's required for squid & co.
More information about the tproxy