[tproxy] any version number for tproxy?
Laszlo Attila Toth
panther at balabit.hu
Wed Jun 25 09:21:53 CEST 2008
Jeffrey 'jf' Lim wrote:
> On Tue, Jun 24, 2008 at 2:51 PM, Laszlo Attila Toth <panther at balabit.hu>
> wrote:
>
> Jeffrey 'jf' Lim wrote:
>
> just curious, but is there like some kind of a version number
> for tproxy? Saw a "tproxy-4.0" directory under "legacy" in
> downloads
> (http://www.balabit.com/downloads/files/tproxy/obsolete/), but
> no mention of anything on the main page, nor readme, nor the
> files in the patch (well, not exactly but.. unless it's "1.5.2.5"?)
>
>
> TProxy 4.0 became available in July 2007, and now its newer version
> is in the http://www.balabit.com/downloads/files/tproxy directory.
> This version doesn't have a tproxy table; both the target (TPROXY)
> and the match (socket) are used in the mangle table.
>
> The current version is 4.1, but sometimes it is also simply called
> tproxy4.
>
> I don't mention the older (obsolete) versions anywhere because they are
> still available if someone wants to use them, but they are not
> maintained (except TProxy 4.0, as a part of our product's kernel).
>
>
> ok, thanks. One question - iptables is really for user-level (as in, "a
> command-line tool") stuff, right? so if all we need is the tproxy
> functionality, do we really need to bother with patching and compiling
> iptables?
Iptables is required for the transparent proxying setup. For instance, the
rule redirects via the TPROXY target the packets with destination port
to the local host's port 50080:
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --on-port 50080 --tproxy-mark 1/1
After that, squid has to indicate that it accepts packets redirected
this way. This happens via the IP_TRANSPARENT socket option. This is why
the --enable-linux-netfilter configure option is required for squid.
--
Panther
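
The listener side of the setup described in the reply above, as an added example (not part of the original post and not squid's code): it sets IP_TRANSPARENT on the listening socket, which requires CAP_NET_ADMIN, and reads the client's original destination with getsockname() on an accepted connection. The function names are hypothetical.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef IP_TRANSPARENT
#define IP_TRANSPARENT 19   /* value from linux/in.h, used if libc lacks it */
#endif

/* Returns a listening fd with IP_TRANSPARENT set, or -errno on failure.
 * An unprivileged process (no CAP_NET_ADMIN) gets -EPERM here. */
int transparent_listener(unsigned short port)
{
    int one = 1, fd = socket(AF_INET, SOCK_STREAM, 0);
    struct sockaddr_in a;
    if (fd < 0)
        return -errno;
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_ANY);
    a.sin_port = htons(port);              /* 50080 in the rule above */
    if (setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &one, sizeof one) < 0 ||
        bind(fd, (struct sockaddr *)&a, sizeof a) < 0 ||
        listen(fd, 16) < 0) {
        int e = errno;                     /* save before close() */
        close(fd);
        return -e;
    }
    return fd;
}

/* Formats "a.b.c.d:port" into buf; returns buf, or NULL if it does not fit. */
const char *fmt_addr(const struct sockaddr_in *a, char *buf, size_t len)
{
    char ip[INET_ADDRSTRLEN];
    int n;
    if (!inet_ntop(AF_INET, &a->sin_addr, ip, sizeof ip))
        return NULL;
    n = snprintf(buf, len, "%s:%u", ip, (unsigned)ntohs(a->sin_port));
    return (n < 0 || (size_t)n >= len) ? NULL : buf;
}

/* On a connection accepted from the TPROXY listener, the socket's local
 * address is the destination the client originally connected to. */
const char *original_dst(int conn, char *buf, size_t len)
{
    struct sockaddr_in a;
    socklen_t n = sizeof a;
    if (getsockname(conn, (struct sockaddr *)&a, &n) < 0)
        return NULL;
    return fmt_addr(&a, buf, len);
}
```

Packets marked by the rule also need a policy-routing entry that delivers the mark to the local host, which the post does not show. Since the option needs CAP_NET_ADMIN, a proxy should drop that privilege once the listener is open.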