From 92b54aa2b436387f85783d3f420ccaa12fdaf891 Mon Sep 17 00:00:00 2001 From: KOVACS Krisztian Date: Wed, 15 Oct 2008 11:49:37 +0200 Subject: Add iptables support for the TPROXY target Signed-off-by: KOVACS Krisztian Signed-off-by: Patrick McHardy --- extensions/libxt_TPROXY.man | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 extensions/libxt_TPROXY.man (limited to 'extensions/libxt_TPROXY.man') diff --git a/extensions/libxt_TPROXY.man b/extensions/libxt_TPROXY.man new file mode 100644 index 00000000..f17848c4 --- /dev/null +++ b/extensions/libxt_TPROXY.man @@ -0,0 +1,21 @@ +This target is only valid in the \fBmangle\fR table, in the \fBPREROUTING\fR +chain and user-defined chains which are only called from this chain. It +redirects the packet to a local socket without changing the packet header in +any way. It can also change the mark value which can then be used in advanced +routing rules. +It takes three options: +.TP +\fB--on-port\fR \fIport\fR +This specifies a destination port to use. It is a required option, 0 means the +new destination port is the same as the original. This is only valid if the +rule also specifies \fB-p tcp\fR or \fB-p udp\fR. +.TP +\fB--on-ip\fR \fIaddress\fR +This specifies a destination address to use. By default the address is the IP +address of the incoming interface. This is only valid if the rule also +specifies \fB-p tcp\fR or \fR-p udp\fR. +.TP +\fB--tproxy-mark\fR \fIvalue\fR[\fB/\fR\fImask\fR] +Marks packets with the given value/mask. The fwmark value set here can be used +by advanced routing. (Required for transparent proxying to work: otherwise +these packets will get forwarded, which is probably not what you want.) -- cgit v1.2.3