On 11/29/2012 3:31 PM, Nick Fennell wrote:
Hey Steve, OK so, for your internal (LAN) traffic, why put it through TPROXY at all? Why not exclude it from the redirect into the TPROXY engine and allow it to proxy through "organically"? As well you know, if TPROXY sees the traffic in one direction, it needs to see it in the other. My suggestion: Bypass TPROXY for LAN traffic.
+1 simple iptables rules. Eliezer
Nick -- Nick Fennell nick@xxxxxxxx
-- Eliezer Croitoru https://www1.ngtech.co.il sip:ngtech@xxxxxxxxxxxx IT consulting for Nonprofit organizations eliezer <at> ngtech.co.il
