[tproxy] tproxy + squid 3 + kernel 2.6.25 + iptables 1.4.0
Laszlo Attila Toth
panther at balabit.hu
Fri Jun 20 11:20:21 CEST 2008
Ming-Ching Tiew wrote:
> Laszlo Attila Toth wrote:
>> I will forward port of the kernel patches to 2.6.25 and 2.6.26 and
>> test when I'll have time for it. But first I have to eliminate a
>> problem related to the tproxy that it doesn't work if the interface
>> is in bridge mode (br0, etc). This issue occurs on each versions of
>> tproxy4 (4.0 and
>> 4.1). The 4.0 branch is used internally in our product but my
>> assumption is that when I fix the 4.0, I can find a solution for 4.1,
>> too. Now I have no idea why it goes wrong with a bridge: TPROXY
>> target (and iptables/netfilter) doesn't receive any packets.
>
> I did mentioned about this long long time ago. If you search
> through the older posts, I did mentioned a "workaround" for it.
> Unless now you are working on a fix in the kernel.
>
> Basically, I use ebtables to redirect the traffic to enter and leave
> via the physical interface instead of the (virtual) bridge interface.
>
Hm, I forgot it, thanks.
I remembered as when I tried it with TProxy, 4.1, it didn't work.
Perhaps I used wrong version of ebtables userspace. In this case it is
only a 4.1 problem.
--
Panther
More information about the tproxy
mailing list