For a simple setup this is more than sufficient. But I want to realize something with dynamic routing. So to clarify:

          ospf            lan1 ############
local3 <----> local1 <-------# ROUTER   # wan
                             #    +     #-------------> internet
              local2 <-------# TPROXY   #
                        lan2 ############

For me it's not possible to even know every subnet which is on the local side. It would even be possible that there is a multi-homed environment with e.g. local3 connected to the internet, too. (That means that even a non-local destination could go from local2, via lan2, lan1, local1 and local3 to the "internet").

Thanks for your reply Jan

On Sun, 2013-01-13 at 12:30 +0100, Jan Engelhardt wrote:
> On Sunday 2013-01-13 09:54, Sebastian Poehn wrote:
>
> >I want to run a tcp transparent proxy (with TPROXY) processing only traffic outgoing a specific interface. That's what my setup looks like:
> >
> >
> >                  lan1 ############
> > local net 1 <-------# ROUTER   # wan
> >                     #    +     #-------------> internet
> > local net 2 <-------# TPROXY   #
> >                  lan2 ############
> >
>
> -A PREROUTING -j foo
> forall LAN subnets
> -A foo -d $lan -j RETURN
> -A foo -j TPROXY