> > TPROXY is not routing. It is packet interception, taking a packet from > the kernel TCP stack and delivering it to a local process running on > that machine. Taking packets from that same local process marked with a > special TPROXY flag and allowing them to be routed despite having a src > address of a different machine (spoofing is normally prohibited by the > kernel). > > Simple really. But it places a lot of requirement pressure on the > networking and routing to handle the packets properly. > > > The alternative for remote host is policy based routing (if you followed my > > other thread on this for ipv4 but ipv6 should not be too different). But as I > > said before I am not able to make it work. > > Unfortunately the policy routing is mandatory whenever there are > alternative routes for the packets to travel over which bypass the > interceptor proxy. > > Amos > > Does TPROXY setup work with remote proxy server? It appears to be for local routing only. I don't want to start trying this if it will not support remote routing (hint: specify this in the wiki, also it doesn't say that newer kernel seem to have all the dependency built in the kernel out of box; and based on configuration I saw it's all there, most of the guide out there on this is for kernel 2.6x which is old). Thanks,
