透明代理部分,重路由有误 #129
Labels
unconfirmed
Waiting investigation
Comments
|
很久没来。不知道你想证明什么,图上reroute check也没说明能回到prerouting。本机网卡之间的数据交换是不会触发prerouting链的,直接在本机内核处理,这是基本常识,只有外来的包才会触发prerouting。你谷歌“ loopback prerouting” 这两个关键字其实能找到很多答案 |
|
楼主的现象我也遇到了,在output里mark后,本机 curl baidu.com 的流量没有走到prerouting,不懂网络,具体原因不知道。 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
TPROXY代理本机流量,“在 OUTPUT 链打标记会使相应的包重路由到 PREROUTING 链上”,确实是这样吗?这不就造成了环回了?要验证OUTPUT链是否能再次回PREROUTING链,加一条规则即可验证,
iptables -t mangle -A PREROUTING -i lo -m mark ! --mark 0 -j RETURN
看看这条规则有没计数就知道了,如果output重路由能回到prerouting的说法成立的话,这里理应有计数,事实并非如此
iptables -t mangle -nxvL --line
The text was updated successfully, but these errors were encountered: