[tproxy] user priority to run tproxy app

KOVACS Krisztian hidden at sch.bme.hu
Thu Oct 30 11:31:56 CET 2008


On Thu, Oct 30, 2008 at 09:28:49AM +0800, Dong Wei wrote:
> When I use tproxy app, I found that if I run the app as a normal user,
> the APP can't work. But if I run APP as root, it can work well. Must I
> use root to run the tproxy app, or just run it with a user who has the
> same priority as root?

The process needs to have the CAP_NET_ADMIN capability to be able to set
the IP_TRANSPARENT flag on the socket. You don't have to be root to have
this capability and you only have to enable it for the time the process
enables this flag.

KOVACS Krisztian

More information about the tproxy mailing list