Re: Should "Transparent web-caching" work with ppp0/pptp? (It doesn't...)

Aleksey Tsalolikhin wrote:

> I've tried following the example at
> http://lartc.org/howto/lartc.cookbook.squid.html
> but from the remote web site's viewpoint, the request comes from the
> eth0 address of my server, instead of through the VPN.

Oops, I forgot to comment on this. The default source address of a locally generated datagram or connection is selected before the OUTPUT chain, before the mark was set:

1) initial routing without using the mark selects the output interface and source address
2) iptables changes the mark in the OUTPUT chain
3) rerouting using the mark updates the output interface but not the source address

Rerouting through a different interface does not change the source address accordingly, so it is normal that packets have eth0's address as source even though they are rerouted through ppp0. If you want to change the source address, you may use iptables' SNAT or MASQUERADE. (I fear this will be a problem with IPv6 which has no - and must not have - NAT).
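The three steps described in the message above, together with the suggested MASQUERADE fix, as an added example that is not part of the original message. The mark value, routing table number and port-80 match are assumptions; ppp0 is the interface named in the thread. It only prints the commands unless APPLY=1 is set (applying them needs root).

```shell
#!/bin/sh
# Added example: policy routing by fwmark for locally generated traffic,
# with the source address rewritten on the VPN interface.
MARK=2        # assumed fwmark for traffic that should leave through the VPN
TABLE=201     # assumed routing table number
VPN_IF=ppp0   # interface named in the thread

# run CMD...: print the command; execute it only when APPLY=1.
run() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

setup_vpn_egress() {
    # Step 1 (initial routing) has already picked eth0 and its address
    # by the time the OUTPUT chain runs.
    # Step 2: mark locally generated web traffic in mangle/OUTPUT.
    run iptables -t mangle -A OUTPUT -p tcp --dport 80 -j MARK --set-mark "$MARK"
    # Step 3: rerouting by mark changes the output interface only.
    run ip rule add fwmark "$MARK" table "$TABLE"
    run ip route add default dev "$VPN_IF" table "$TABLE"
    # Fix: the packet still carries eth0's address, so rewrite the source
    # to the VPN interface's address as it leaves through ppp0.
    run iptables -t nat -A POSTROUTING -o "$VPN_IF" -j MASQUERADE
}

setup_vpn_egress
```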
