>
> Having run across all of this, I don't have the big picture of how this is
> supposed to work and cannot achieve the point of all this.
>
What exactly are you trying to do? Do you even know what you are trying to do, or are you just playing around with transparent proxying for S & G's?

Googling on tproxy has provided some basic ASCII diagrams of specific configurations for specific purposes, such as in this article, which explains the difference between iptables redirect, dnat and tproxy.

https://gsoc-blog.ecklm.com/iptables-redirect-vs.-dnat-vs.-tproxy/

Starting there might help you understand what can be accomplished with each utility.

This how-to article goes into more detail about how tproxy works.

https://powerdns.org/tproxydoc/tproxy.md.html

"The Linux kernel contains facilities for performing transparent proxying. In short this means that the operating system functions as a router, but some (or all) traffic gets redirected for userspace processing. This could be used for example to implement a transparent http proxy which could then for example apply policy, scan for viruses etc. There are DNS applications too."

Four components are involved:

- A routing table that declares all IP addresses as local
- iptables rules marking certain packets for processing by this routing table
  - And optionally map the traffic to a specific local address
- A socket option IP_TRANSPARENT that marks sockets as suitable for receiving such traffic
- Potentially: ebtables to perform these functions in bridging mode.

tproxy is policy based routing. The first step would be to enumerate and diagram the routing that you're trying to accomplish. If you can't do that, then you don't understand what you're trying to accomplish and you're just hopin' & pokin'.
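The first four components listed in the reply above, sketched as an added example that is not part of the original post or of the linked how-to. The function names, the ports 80 and 3129, mark 1 and table 100 are assumptions chosen for illustration; the commands must be run as root and the listener needs CAP_NET_ADMIN.

```python
import socket

# Linux value from <linux/in.h>; used when this Python build lacks the constant.
IP_TRANSPARENT = getattr(socket, "IP_TRANSPARENT", 19)

def tproxy_commands(dport=80, proxy_port=3129, mark=1, table=100):
    """Return the ip/iptables argv lists for the kernel side (assumed values)."""
    m = f"{mark:#x}/{mark:#x}"
    return [
        # Routing table that declares every IPv4 address as local.
        ["ip", "route", "add", "local", "0.0.0.0/0", "dev", "lo",
         "table", str(table)],
        # Policy rule: marked packets are looked up in that table.
        ["ip", "rule", "add", "fwmark", str(mark), "lookup", str(table)],
        # Mark matching packets and map them to the local proxy port.
        ["iptables", "-t", "mangle", "-A", "PREROUTING", "-p", "tcp",
         "--dport", str(dport), "-j", "TPROXY",
         "--tproxy-mark", m, "--on-port", str(proxy_port)],
    ]

def open_transparent_listener(port=3129):
    """Listener that may accept connections addressed to non-local IPs."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.setsockopt(socket.SOL_IP, IP_TRANSPARENT, 1)  # needs CAP_NET_ADMIN
        s.bind(("0.0.0.0", port))
        s.listen(16)
    except OSError:
        s.close()
        raise
    return s

def describe(conn, peer):
    """On a TPROXY'd connection, getsockname() is the address the client dialled."""
    dst = conn.getsockname()
    return f"{peer[0]}:{peer[1]} -> {dst[0]}:{dst[1]}"

if __name__ == "__main__":
    for argv in tproxy_commands():
        print(" ".join(argv))  # review, then apply as root
    with open_transparent_listener() as lsock:
        conn, peer = lsock.accept()
        with conn:
            print(describe(conn, peer))
```

Printing the original destination for each accepted connection is a quick check that the diagrammed routing matches what the kernel actually delivers to the proxy.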
