Transparent proxying often involves "intercepting" traffic on a router. This is usually done with the iptables REDIRECT target; however, there are serious limitations of that method. One of the major issues is that it actually modifies the packets to change the destination address -- which might not be acceptable in certain situations. (Think of proxying UDP for example: you won't be able to find out the original destination address. Even in case of TCP getting the original destination address is racy.)
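In some material on transparent proxying, how should the bolded part of the passage above be understood? UDP has no way of knowing the original dst address?
From here I saw that the REDIRECT method only supports TCP, while the TPROXY method supports both TCP and UDP.
One question I have: what is the reason REDIRECT does not support UDP transparent proxying? Judging from the iptables-extensions documentation, REDIRECT can be used with -p UDP, can't it?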
1
undef404 2021-08-07 10:19:50 +08:00
It means you can only see the proxy's address. You can't see the address that is being proxied.
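An added example (not from the thread or the quoted documentation) of how a proxy recovers the original destination in each mode: `SO_ORIGINAL_DST` on an accepted TCP connection behind REDIRECT, and the `IP_ORIGDSTADDR` control message delivered with each datagram on a UDP socket behind TPROXY. The numeric constants are the Linux header values written out by hand and the function names are illustrative; the TPROXY socket needs CAP_NET_ADMIN plus the matching iptables and policy-routing rules, which are not shown.

```python
import socket
import struct

# Linux header values (linux/in.h, linux/netfilter_ipv4.h), written out by hand
# because not every Python build exports them from the socket module.
SOL_IP = 0
IP_TRANSPARENT = 19      # accept traffic addressed to non-local IPs (CAP_NET_ADMIN)
IP_RECVORIGDSTADDR = 20  # request the datagram's destination as ancillary data
IP_ORIGDSTADDR = 20      # cmsg type that carries that destination
SO_ORIGINAL_DST = 80     # conntrack lookup used by TCP proxies behind REDIRECT


def parse_sockaddr_in(raw):
    """Decode a struct sockaddr_in (family, port, address) into (ip, port)."""
    if len(raw) < 8:
        raise ValueError("truncated sockaddr_in")
    (family,) = struct.unpack_from("=H", raw, 0)   # host byte order
    if family != socket.AF_INET:
        raise ValueError(f"unexpected address family {family}")
    (port,) = struct.unpack_from("!H", raw, 2)     # network byte order
    return socket.inet_ntoa(raw[4:8]), port


def original_dst_from_cmsgs(ancdata):
    """Return (ip, port) from an IP_ORIGDSTADDR control message, or None."""
    for level, ctype, data in ancdata:
        if level == SOL_IP and ctype == IP_ORIGDSTADDR:
            return parse_sockaddr_in(data)
    return None


def tcp_original_dst(conn):
    """REDIRECT + TCP: conntrack lookup of the pre-NAT destination of an accepted connection."""
    return parse_sockaddr_in(conn.getsockopt(SOL_IP, SO_ORIGINAL_DST, 16))


def open_tproxy_udp(port):
    """TPROXY + UDP: socket that receives datagrams whose destination is left unmodified."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.setsockopt(SOL_IP, IP_TRANSPARENT, 1)
    s.setsockopt(SOL_IP, IP_RECVORIGDSTADDR, 1)
    s.bind(("0.0.0.0", port))
    return s


def recv_with_original_dst(sock, bufsize=65535):
    """Receive one datagram and return (payload, client_addr, original_dst)."""
    payload, ancdata, _flags, client = sock.recvmsg(bufsize, socket.CMSG_SPACE(16))
    return payload, client, original_dst_from_cmsgs(ancdata)
```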