On 16.08.2012 01:47, Rafael Gomes wrote:
> Guys, sorry if this is a stupid question, but I was reading about Tproxy configuration and I can't find any information about https redirection. My question is: what is the difference between using iptables with REDIRECT and the entire configuration of tproxy? I believe they will have a different result, but I really don't know and I can't find any documentation with this information. PS: Sorry for my bad English too, I am still studying the language.
REDIRECT is a type of DNAT which replaces the destination IP with the machine's main address and works on DHCP-assigned boxes where standard DNAT does not work.
TPROXY is not related to NAT in any way. TPROXY spoofs the client IP on outgoing traffic for proper transparent proxying. IP address static/dynamic assignment type and IPv4/v6 type are irrelevant.
TPROXY is more complex to get right administratively but far simpler (thus faster) in the code at both kernel and Squid levels. Once you get your head around the fact that the IP packet details DO NOT change between input and output of the proxy, things get easier to understand and administer.
Amos
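
The two setups contrasted in the reply above, side by side, as an added example that is not part of the original mail. The interface name, port 3129, mark 0x1 and routing table 100 are assumed values; the squid.conf lines in the comments use the `intercept` and `tproxy` options of `http_port`.

```shell
#!/bin/sh
# Added example: prints each command (dry run) unless APPLY=1 is set.
# Assumed values, not from the original mail: interface, port, mark, table.
LAN_IF="${LAN_IF:-eth0}"          # client-facing interface (assumption)
PROXY_PORT="${PROXY_PORT:-3129}"  # Squid listening port (assumption)
MARK=0x1                          # fwmark for intercepted flows (assumption)
TABLE=100                         # policy-routing table number (assumption)

run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# REDIRECT: a single NAT rule. The kernel rewrites the destination IP to
# this machine's own address, so the packet Squid sees has been altered.
# squid.conf counterpart: http_port 3129 intercept
redirect_rules() {
    run iptables -t nat -A PREROUTING -i "$LAN_IF" -p tcp --dport 80 \
        -j REDIRECT --to-ports "$PROXY_PORT"
}

# TPROXY: the nat table is not involved. Packets are only marked in the
# mangle table, and policy routing delivers marked packets locally with
# their source and destination addresses unchanged.
# squid.conf counterpart: http_port 3129 tproxy
tproxy_rules() {
    # Packets of flows that already have a local socket skip TPROXY.
    run iptables -t mangle -N DIVERT
    run iptables -t mangle -A DIVERT -j MARK --set-mark "$MARK"
    run iptables -t mangle -A DIVERT -j ACCEPT
    run iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
    # New port-80 flows are handed to the proxy port without any rewrite.
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -p tcp --dport 80 \
        -j TPROXY --tproxy-mark "$MARK/$MARK" --on-port "$PROXY_PORT"
    # Route marked packets to the local stack although their destination
    # address is not one of this machine's addresses.
    run ip rule add fwmark "$MARK" lookup "$TABLE"
    run ip route add local 0.0.0.0/0 dev lo table "$TABLE"
}

case "${1:-}" in
    redirect) redirect_rules ;;
    tproxy)   tproxy_rules ;;
esac
```

Run with `redirect` or `tproxy` as the argument to print the commands for review; nothing is changed on the system unless APPLY=1 is set.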