>
> TPROXY is not routing. It is packet interception, taking a packet from
> the kernel TCP stack and delivering it to a local process running on
> that machine. Taking packets from that same local process marked with a
> special TPROXY flag and allowing them to be routed despite having a src
> address of a different machine (spoofing is normally prohibited by the
> kernel).
>
> Simple really. But it places a lot of requirement pressure on the
> networking and routing to handle the packets properly.
>
> > The alternative for remote host is policy based routing (if you followed
my
> > other thread on this for ipv4 but ipv6 should not be too different). But
as I
> > said before I am not able to make it work.
>
> Unfortunately the policy routing is mandatory whenever there are
> alternative routes for the packets to travel over which bypass the
> interceptor proxy.
>
> Amos
>
>
Does TPROXY setup work with remote proxy server?
It appears to be for local routing only. I don't want to start trying this
if it will not support remote routing (hint: specify this in the wiki, also
it doesn't say that newer kernel seem to have all the dependency built in
the kernel out of box; and based on configuration I saw it's all there, most
of the guide out there on this is for kernel 2.6x which is old).
Thanks,
Received on Thu Oct 31 2013 - 17:31:02 MDT
This archive was generated by hypermail 2.2.0 : Thu Oct 31 2013 - 12:00:08 MDT