[tproxy] Does TPROXY work on a bridge without IP address?
Laszlo Attila Toth
panther at balabit.hu
Wed Feb 20 09:34:45 CET 2008
Hello,
Liang Bin wrote:
> Hi all,
>
> I am Bryan Liang, a newbie to TPROXY. I am using TPROXY 2.0.6 with
> kernel 2.6.20.21 <http://2.6.20.21>.
> It works fine in router mode.
>
> I am going to run TPROXY in bridge mode. Here is my linux box setting.
>
> eth0: local admin port, IP address: 192.168.43.130
> <http://192.168.43.130>, netmask 255.255.255.0 <http://255.255.255.0>,
> default gw 192.168.43.1 <http://192.168.43.1>
> eth1 and eth2 belong to br0 (bridge device)
> br0: IP address: 0.0.0.0 <http://0.0.0.0>
>
> This means I can use eth0 as admin port to manage my linux box. And I do
> not assign IP address to bridge interface.
>
> My problem is, does TPROXY work on a bridge without IP address?
No, it doesn't work without an IP address because tproxy2 uses nat rules
which require an IP address on the bridge interface too.
If another host connects to a proxy application, the proxy gets the
incoming packets but it has to respond with others. The latter packets
cannot be routed without that IP address.
-
Panther
More information about the tproxy
mailing list