Guillaume Lécroart wrote:

> Then I thought of using policy routing to forward the ip packets directed
> to tcp port 21 to the proxy box WITHOUT MODIFYING the DST IP address. Could
> be funny and tricky, but I would need a way to do the same for the data
> connections. Oh, of course, I could use a "-m state --state RELATED" rule
> to mark or mangle or transmit the packets to user space so that policy
> routing stuff can do it, but I've no idea how to do it. Any hint?

See my CONNMARK in patch-o-matic. One application of this is to allow you to 
do this by marking the connection and all its packets (including related), 
and then use nfmark based routing to route the packets to a proxy.

Regards
Henrik Nordström
MARA Systems AB
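
A sketch of the setup described in this reply, added here as an example; it is not code from the original post or from the CONNMARK patch. It uses the CONNMARK target syntax of mainline iptables. The interface names, mark value, table number and proxy address are constructed assumptions, as is the restriction to the client-side interface, which keeps packets coming back from the proxy from being routed to it again. It also assumes the FTP conntrack helper is active so that data connections are seen as RELATED.

```shell
#!/bin/sh
# Constructed values (assumptions, not from the original post).
MARK=1             # nfmark / connmark value used for proxied FTP
TABLE=100          # policy routing table number
LAN=eth0           # interface the clients' packets arrive on
DEV=eth1           # interface facing the proxy box
PROXY=192.0.2.10   # proxy box as next hop (documentation address)

# Print the ruleset rather than applying it, so it can be reviewed first.
emit_rules() {
    cat <<EOF
# Copy the connection's saved mark onto each packet arriving from the clients.
iptables -t mangle -A PREROUTING -i $LAN -j CONNMARK --restore-mark
# Mark new FTP control connections (destination address is left untouched).
iptables -t mangle -A PREROUTING -i $LAN -p tcp --dport 21 -m state --state NEW -j MARK --set-mark $MARK
# Mark data connections that the FTP helper tied to a control connection.
iptables -t mangle -A PREROUTING -i $LAN -m state --state RELATED -m helper --helper ftp -j MARK --set-mark $MARK
# Store the packet mark on the connection so later packets inherit it.
iptables -t mangle -A PREROUTING -i $LAN -m mark --mark $MARK -j CONNMARK --save-mark
# nfmark based routing: marked packets use a table whose default route is the proxy.
ip rule add fwmark $MARK table $TABLE
ip route add default via $PROXY dev $DEV table $TABLE
EOF
}

# "apply" runs the commands (needs root); anything else only prints them.
if [ "${1:-}" = "apply" ]; then
    emit_rules | sh -e
else
    emit_rules
fi
```

The proxy box still has to accept packets addressed to the original server itself, since nothing here rewrites the destination.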
