[tproxy] tproxy4 future

Jan Engelhardt jengelh at computergmbh.de
Tue Sep 18 15:22:37 CEST 2007

On Sep 18 2007 15:05, KOVACS Krisztian wrote:
>On Tue, Sep 18, 2007 at 02:59:50 +0200, Jan Engelhardt wrote:
>> >> Case 2 to imagine: with squid; can use -j REDIRECT instead of -j TPROXY.
>> >
>> >Well, you can, but then you need NAT.
>> Where do I need NAT? Squid will use setsockopt(IP_FREEBIND/IP_TRANSPARENT)
>> and bind(client_src_addr). Which is why -j TPROXY is so puzzling to me.
>REDIRECT needs NAT. And you can't implement "intercepting" traffic without
>some kind of redirection. So it's required for squid & co.

Right, except that I do not use REDIRECT actually, but let the clients
directly (and knowingly) connect to proxy:3128. Whee :)
