On Tue, Jun 04, 2002 at 04:50:36PM +0200, Balazs Scheidler wrote:
> Hi,
>
> Suppose you have a TCP session, which is transparently redirected to a local
> proxy. With the current state of the tproxy framework one need to add two
> rules to iptables:
>
> - one to the tproxy table to actually redi
Jozsef Kadlecsik wrote:
> This is a good question. Probably it is better to add a (general) 'flags'
> field. But I have no idea for what else we could use it :-)
My opinion: Just add a bitfield. If other needs to add other small fields in
the future they can add it next to yours. The compiler w
On Wed, Jun 05, 2002 at 01:02:44PM +0200, Jozsef Kadlecsik wrote:
> On Wed, 5 Jun 2002, Balazs Scheidler wrote:
>
> > ok, should I simply add fields somewhere in struct ip_conntrack, or there's
> > a bitfield I can add a flag to?
>
> There is no such bitfield you could use at the moment.
>
> >
On Wed, 5 Jun 2002, Balazs Scheidler wrote:
> ok, should I simply add fields somewhere in struct ip_conntrack, or there's
> a bitfield I can add a flag to?
There is no such bitfield you could use at the moment.
> Looking at the struct I can't see a place general enough, so I can add a new
> fie
On Wed, Jun 05, 2002 at 08:53:25AM +0200, Jozsef Kadlecsik wrote:
> On Tue, 4 Jun 2002, Balazs Scheidler wrote:
> > Possible solutions:
> >
> > * use a new state (called TPROXY), which would be applied to all TPROXYed
> > packets (might interact badly with nat/conntrack).
> > * have the tproxy f
On Tue, 4 Jun 2002, Balazs Scheidler wrote:
> I'd like to make tproxies easier to administer, so I'm thinking about a
> simple way of matching tproxied packets, which can be ACCEPTed from the
> INPUT chain.
>
> Possible solutions:
>
> * use a new state (called TPROXY), which would be applied to a
Balazs Scheidler wrote:
> > Will interact badly with fwmark based routing.
>
> of course the mark value would be controlled by the user, and not assigned
> automatically.
As routing rules cannot mask fwmark, anything that touches the fwmark value
for whatever purpose will affect your fwmark bas
On Tue, Jun 04, 2002 at 05:14:47PM +0200, Henrik Nordstrom wrote:
> Balazs Scheidler wrote:
>
> > * use a new state (called TPROXY), which would be applied to all TPROXYed
> > packets (might interact badly with nat/conntrack).
>
> It will in no doubt interact badly with connection tracking (an
Balazs Scheidler wrote:
> * use a new state (called TPROXY), which would be applied to all TPROXYed
> packets (might interact badly with nat/conntrack).
It will in no doubt interact badly with connection tracking (and therefore
NAT).
> * have the tproxy framework mark all packets with an fwm
Hi,
Suppose you have a TCP session, which is transparently redirected to a local
proxy. With the current state of the tproxy framework one need to add two
rules to iptables:
- one to the tproxy table to actually redirect a session
- one to the filter table to let the NATed traffic enter the loca
10 matches
Mail list logo