[tproxy] tproxy 4.1.0 and FWMARK
Ming-Ching Tiew
mingching.tiew at redtone.com
Tue Feb 19 08:50:06 CET 2008
OK I could confirm that the SNAT patch provided seems to work for me.
I have more questions on tproxy 4.1.0 and FWMARK :-
> iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY \
> --tproxy-mark 0x1/0x1 --on-port 3128
> iptables -t mangle -N DIVERT
> iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
> iptables -t mangle -A DIVERT -j MARK --set-mark 1
> iptables -t mangle -A DIVERT -j ACCEPT
>
> ip rule add fwmark 1 lookup 100
> ip route add local 0.0.0.0/0 dev lo table 100
If I have to do split access on outgoing traffic into multiple interfaces,
I would already have used FWMARK in one way or another.
For example, for split outgoing access, I would have already marked
traffic going out to eth0 with FWMARK 5, and traffic going out to
eth1 with FWMARK 7. And I would already have these rules :-
ip rule add fwmark 5 lookup 120
ip rule add fwmark 7 lookup 130
( And table 120 will default route to gateway belonging to
interface 1 and table 130 will default route to gateway belonging
to interface 2 ).
So how could I incorporate the tproxy mark into my existing use of
FWMARK?
Regards.