On Thursday, December 20, 2012 02:35:44 PM Jan Engelhardt wrote:
> Again: where in the Ethernet/IP packet would that be recorded? Don't
> guess; *construct* one. Your favorite IP reference (be that a book,
> the RFCs, Wikipedia, ...) can tell you what fields exist and need to
> be filled out. Consider yourself a Linux machine sending a packet,
> fill in the fields, in the direction from TCP to IP to Ethernet (i.e.
> backwards). Once done, parse it (in the forward direction), like a
> Linux machine receiving the packet.
>
> The exercise here is that one sees that it is (im)possible.

I think I begin to see your point. Bouncy packets don't necessarily work
very well, especially when there are loops in the path.

If the goal is to transparently proxy web connections, the least complex
solution is to run the proxy either on the firewall or on a bridge between
the firewall and the LAN.
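
Added example (not part of the original thread): the construct-then-parse exercise from the quoted text, carried out in Python. It assumes the "that" in question is the connection's original destination address and that the firewall rewrites the destination to a proxy on another host; all MACs, addresses, ports and function names are constructed, and checksums are left at zero.

```python
import socket
import struct

ETH, IP4, TCP = "!6s6sH", "!BBHHHBBH4s4s", "!HHIIBBHHH"  # 14 + 20 + 20 bytes

def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport):
    """Sender side: fill in TCP, then IPv4, then Ethernet (checksums left 0)."""
    tcp = struct.pack(TCP, sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)  # SYN
    ip = struct.pack(IP4, 0x45, 0, 20 + len(tcp), 0, 0, 64, socket.IPPROTO_TCP,
                     0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return struct.pack(ETH, dst_mac, src_mac, 0x0800) + ip + tcp

def parse_frame(frame):
    """Receiver side: every address-bearing field the three headers offer."""
    dst_mac, src_mac, _ = struct.unpack(ETH, frame[:14])
    ip = struct.unpack(IP4, frame[14:34])
    tcp = struct.unpack(TCP, frame[34:54])
    return {"src_mac": src_mac, "dst_mac": dst_mac,
            "src_ip": socket.inet_ntoa(ip[8]), "dst_ip": socket.inet_ntoa(ip[9]),
            "sport": tcp[0], "dport": tcp[1]}

def redirect_to_remote_proxy(frame, fw_mac, proxy_mac, proxy_ip, proxy_port):
    """Firewall side: overwrite the destination and forward to the proxy host."""
    f = parse_frame(frame)
    return build_frame(fw_mac, proxy_mac, f["src_ip"], proxy_ip, f["sport"], proxy_port)

def carries(frame, ip):
    """True if the 4 address bytes occur anywhere in the frame."""
    return socket.inet_aton(ip) in frame

# Constructed sample values (locally administered MACs, example addresses).
CLIENT_MAC, FW_MAC, PROXY_MAC = (bytes([2, 0, 0, 0, 0, n]) for n in (1, 2, 3))
ORIGINAL = build_frame(CLIENT_MAC, FW_MAC, "192.168.1.10", "203.0.113.80", 40000, 80)
REWRITTEN = redirect_to_remote_proxy(ORIGINAL, FW_MAC, PROXY_MAC, "192.168.1.20", 3128)

if __name__ == "__main__":
    print("client sent   :", parse_frame(ORIGINAL))
    print("proxy receives:", parse_frame(REWRITTEN))
    print("original destination still in frame:", carries(REWRITTEN, "203.0.113.80"))
```

The frame the proxy host parses has one destination IP field and one destination port field, and both now hold the proxy's own values; no remaining header field holds the address the client dialled.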