[tproxy] any version number for tproxy?

Laszlo Attila Toth panther at balabit.hu
Wed Jun 25 09:21:53 CEST 2008

Jeffrey 'jf' Lim wrote:
> On Tue, Jun 24, 2008 at 2:51 PM, Laszlo Attila Toth <panther at balabit.hu> wrote:
>     Jeffrey 'jf' Lim wrote:
>         just curious, but is there like some kind of a version number
>         for tproxy? Saw a "tproxy-4.0" directory under "legacy" in
>         downloads
>         (http://www.balabit.com/downloads/files/tproxy/obsolete/), but
>         no mention of anything on the main page, nor readme, nor the
>         files in the patch (well, not exactly but.. unless it's "
>         <> <>"?)
>     TProxy 4.0 became available in July 2007, and now its newer version
>     is in the http://www.balabit.com/downloads/files/tproxy directory.
>     This version doesn't have a tproxy table; both the target (TPROXY)
>     and the match (socket) are used in the mangle table.
>     The current version is 4.1, but sometimes it is also simply called
>     tproxy4.
>     I don't mention the older (obsolete) versions anywhere because they are
>     still available if someone wants to use them, but they are not
>     maintained (except TProxy 4.0, as a part of our product's kernel).
> ok, thanks. One question - iptables is really for user-level (as in, "a 
> command-line tool") stuff, right? so if all we need is the tproxy 
> functionality, do we really need to bother with patching and compiling 
> iptables?

Iptables is required for the transparent proxying setup. For instance, the
following rule redirects, via the TPROXY target, packets with destination
port 80 to the local host's port 50080:

iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --on-port 50080 --tproxy-mark 1/1

After that, squid has to indicate that it accepts packets redirected
this way. This happens via the IP_TRANSPARENT socket option. This is why
the --enable-linux-netfilter configure option is required for squid.

