Linux Netfilter discussions
From: "Steve \(Telsat Broadband\)" <steve@telsatbb.vu>
To: 'Eliezer Croitoru' <eliezer@ngtech.co.il>
Cc: 'Joao Pereira' <joaopapereira@gmail.com>, netfilter@vger.kernel.org
Subject: RE: ip6tables REDIRECT support
Date: Sat, 29 Sep 2012 07:22:58 +1100
Message-ID: <075301cd9db7$0f0e8c00$2d2ba400$@telsatbb.vu>
In-Reply-To: <5065E9CA.2020103@ngtech.co.il>

Hi Eliezer,

We use our own custom server.  The server listens for connections on all
ports for both TCP & UDP and forwards any unauthenticated connections to two
separate services running on the same machine.  The problem with TPROXY was
that despite it being configured exactly as we've configured it in the past
when we used a squid proxy, the data packets never hit the services on the
server which were supposed to handle them.

The redirect target worked perfectly for this situation, simply capturing
any packets on dport 1-65535 and redirecting them to port xxx on the same
machine.  Simply shifting port X to port Y without any other modifications.

Cheers.
Steve.


Steve Noorderbroek
C.T.O.
Telsat Broadband Limited
www.telsatbb.vu


-----Original Message-----
From: netfilter-owner@vger.kernel.org
[mailto:netfilter-owner@vger.kernel.org] On Behalf Of Eliezer Croitoru
Sent: Saturday, 29 September 2012 5:18 AM
To: Steve (Telsat Broadband)
Cc: 'Joao Pereira'; netfilter@vger.kernel.org
Subject: Re: ip6tables REDIRECT support

On 9/27/2012 7:21 PM, Steve (Telsat Broadband) wrote:
> The majority of the responses I did get suggested to use TPROXY 
> instead of redirect, but in my particular case, that didn't work 
> properly and seemed to have much more overhead than the redirect target.
>
What didn't work?
If you need a captive portal there is a very simple way to do it.
What exactly do you use now?

Eliezer
> Hopefully someone out there in the dev team will understand our plight 
> and perhaps incorporate this important target.
>
> Cheers.
> Steve.


--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations eliezer <at> ngtech.co.il




Thread overview: 6+ messages
2012-09-27 12:17 ip6tables REDIRECT support Joao Pereira
2012-09-27 17:21 ` Steve (Telsat Broadband)
2012-09-27 18:25   ` Jan Engelhardt
2012-09-28 18:17   ` Eliezer Croitoru
2012-09-28 20:22     ` Steve (Telsat Broadband) [this message]
2012-09-29  2:31       ` Eliezer Croitoru
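
Added example, not part of the thread or of anyone's code in it: once REDIRECT has shifted every dport to one local port, the listening service can still learn which port a TCP client originally aimed at by asking conntrack through the SO_ORIGINAL_DST / IP6T_SO_ORIGINAL_DST socket options. It assumes a Linux kernel whose ip6tables has the nat table and REDIRECT target; the function names and the sample addresses are made up for illustration.

```python
import ipaddress
import socket
import struct

SO_ORIGINAL_DST = 80        # <linux/netfilter_ipv4.h>
IP6T_SO_ORIGINAL_DST = 80   # <linux/netfilter_ipv6/ip6_tables.h>
SOL_IPV6 = 41               # Linux value of IPPROTO_IPV6


def parse_original_dst(raw):
    """Decode the sockaddr_in / sockaddr_in6 bytes the kernel hands back."""
    if len(raw) < 8:
        raise ValueError("truncated sockaddr")
    family = struct.unpack_from("=H", raw, 0)[0]  # host byte order
    port = struct.unpack_from("!H", raw, 2)[0]    # network byte order
    if family == socket.AF_INET:
        return str(ipaddress.IPv4Address(raw[4:8])), port
    if family == socket.AF_INET6:
        if len(raw) < 24:
            raise ValueError("truncated sockaddr_in6")
        return str(ipaddress.IPv6Address(raw[8:24])), port  # skip flowinfo
    raise ValueError(f"unexpected address family {family}")


def original_dst(conn):
    """Pre-REDIRECT destination of an accepted TCP connection (Linux only)."""
    if conn.family == socket.AF_INET6:
        # Assumption: a v6-only listener, so no IPv4-mapped peers arrive here.
        raw = conn.getsockopt(SOL_IPV6, IP6T_SO_ORIGINAL_DST, 28)
    else:
        raw = conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16)
    return parse_original_dst(raw)


def build_sample(addr, port):
    """Constructed test input: bytes laid out like the kernel's reply."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6:
        return (struct.pack("=H", socket.AF_INET6) + struct.pack("!HI", port, 0)
                + ip.packed + struct.pack("=I", 0))
    return (struct.pack("=H", socket.AF_INET) + struct.pack("!H", port)
            + ip.packed + bytes(8))


if __name__ == "__main__":
    print(parse_original_dst(build_sample("2001:db8::50", 8443)))
    print(parse_original_dst(build_sample("192.0.2.7", 443)))
```

Call original_dst() on the socket returned by accept(); the lookup covers TCP only, so a UDP service behind the same rule needs another way to recover the port.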
