[tproxy] any version number for tproxy?
Laszlo Attila Toth
panther at balabit.hu
Wed Jun 25 09:21:53 CEST 2008
Jeffrey 'jf' Lim wrote:
> On Tue, Jun 24, 2008 at 2:51 PM, Laszlo Attila Toth <panther at balabit.hu> wrote:
> Jeffrey 'jf' Lim wrote:
> just curious, but is there like some kind of a version number
> for tproxy? Saw a "tproxy-4.0" directory under "legacy" in
> (http://www.balabit.com/downloads/files/tproxy/obsolete/), but
> no mention of anything on the main page, nor readme, nor the
> files in the patch (well, not exactly but.. unless it's "126.96.36.199"?)
> TProxy 4.0 became available in July 2007, and now its newer version
> is in the http://www.balabit.com/downloads/files/tproxy directory.
> This version doesn't have a tproxy table, both the target (TPROXY)
> and the match (socket) is used in the mangle table.
> Current version is 4.1, but sometimes it is also called as simply
> I don't mention the older (obsolete) versions anywhere because it is
> still available if someone wants to use it, but they are not
> maintained (except TProxy 4.0, as a part of our product's kernel).
> ok, thanks. One question - iptables is really for user-level (as in, "a
> command-line tool") stuff, right? so if all we need is the tproxy
> functionality, do we really need to bother with patching and compiling
Iptables is required for the transparent proxying setup. For instance, the
rule redirects via the TPROXY target the packets with destination port
to the local host's port 50080:
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --on-port 50080 --tproxy-mark 1/1
After that the squid has to indicate that it accepts packets redirected
this way. It happens via the IP_TRANSPARENT socket option. This is why
the --enable-linux-netfilter configure option is required for squid.
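
The listener side of the setup described above, as an added example (not code from the original message, from squid, or from the tproxy patches): a proxy opens its --on-port socket with IP_TRANSPARENT and reads the client's intended destination from the accepted connection with getsockname(). The function names tproxy_listener and original_dst are hypothetical.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef IP_TRANSPARENT
#define IP_TRANSPARENT 19 /* value from linux/in.h, for older libc headers */
#endif

/* Listening socket for the port named in --on-port. Returns the fd, or -1
 * with errno set (EPERM if the process lacks the required capability). */
int tproxy_listener(uint16_t port)
{
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port) };
    int one = 1, saved, fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    /* The socket option the message refers to: it marks this socket as one
     * that accepts connections redirected by the TPROXY target. */
    if (setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &one, sizeof one) == 0 &&
        bind(fd, (struct sockaddr *)&sa, sizeof sa) == 0 && listen(fd, 16) == 0)
        return fd;
    saved = errno;          /* close() may overwrite errno */
    close(fd);
    errno = saved;
    return -1;
}

/* On a connection accepted through TPROXY, getsockname() returns the address
 * and port the client originally dialled rather than the proxy's own.
 * Writes "a.b.c.d:port" into out; returns 0 on success, -1 on error. */
int original_dst(int conn_fd, char *out, size_t len)
{
    struct sockaddr_in dst;
    socklen_t dlen = sizeof dst;
    char ip[INET_ADDRSTRLEN];
    if (getsockname(conn_fd, (struct sockaddr *)&dst, &dlen) < 0 ||
        !inet_ntop(AF_INET, &dst.sin_addr, ip, sizeof ip))
        return -1;
    snprintf(out, len, "%s:%u", ip, (unsigned)ntohs(dst.sin_port));
    return 0;
}
```

A proxy would call tproxy_listener(50080) to match the rule above, then call original_dst() on each accepted descriptor to learn where to forward the request.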