Re: How to use TROXY target only for specific outgoing interface

If you would give an IP example rather than a sketch, I think I have an idea on how to do it using some local routing daemon on the router machine.

Another thing to notice is that if you are using tproxy, it should be used based on known network data or globally with specific exceptions. Other than these situations, you will need to plan some iptables structure to fit, maybe ipset or any other way of organizing the dynamic tproxy rules.

Eliezer

On 1/13/2013 6:39 PM, Sebastian Poehn wrote:
For a simple setup this is more than sufficient. But I want to realize
something with dynamic routing. So to clarify:

         ospf            lan1 ############
local3 <----> local1 <-------#  ROUTER  # wan
                              #    +     #-------------> internet
               local2 <-------#  TPROXY  #
                         lan2 ############

For me it's not possible to even know every subnet which is on the local
side. It would even be possible that there is a multi-homed environment
with e.g. local3 connected to the internet, too. (That means that even
a non-local destination could go from local2, via lan2, lan1, local1 and
local3 to the "internet").

Thanks for your reply, Jan