[tproxy] How does 'dev lo' in tproxy routing rule really work?
ashwas at gmail.com
Thu Dec 3 03:51:24 CET 2009
I want to understand the tproxy rules that have been kindly written
for us in http://www.balabit.com/downloads/files/tproxy/README.txt. I
understand every aspect of those rules, iptables and iproute2, except
this one small highlighted bit in the last rule.
ip route add local 0.0.0.0/0 *dev lo* table 100
# ip route show table 100
local default dev lo scope host
So packets with fwmark 1 get selected for this routing table, which
assumes that all destinations are assigned to this host and hence
delivers the packets locally. But the output device is set to 'lo',
which is the local loopback device. However even if the proxy is not
listening on the IP of lo (say it only has the socket for eth0 and the
packet came in on eth0), it still receives the packet. So is the 'lo'
here just a way to indicate local delivery to the associated physical
interface and does not really represent the actual output interface?
Can someone please shed some light on this that is more than a simple
More information about the tproxy