[tproxy] user priority to run tproxy app

KOVACS Krisztian hidden at sch.bme.hu
Thu Oct 30 11:31:56 CET 2008


Hi,

On Thu, Oct 30, 2008 at 09:28:49AM +0800, Dong Wei wrote:
> When I use tproxy app, I found that if I run the app as a normal user,
> the APP can't work. But if I run APP as root, it can work well. Must I
> use root to run the tproxy app, or just run it with a user who has the
> same priority as root?

The process needs to have the CAP_NET_ADMIN capability to be able to set
the IP_TRANSPARENT flag on the socket. You don't have to be root to have
this capability and you only have to enable it for the time the process
enables this flag.

-- 
KOVACS Krisztian


More information about the tproxy mailing list