This topic created in 1724 days ago, the information mentioned may be changed or developed.
Transparent proxying often involves "intercepting" traffic on a router. This is usually done with the iptables REDIRECT target; however, there are serious limitations of that method. One of the major issues is that it actually modifies the packets to change the destination address -- which might not be acceptable in certain situations. (Think of proxying UDP for example: you won't be able to find out the original destination address. Even in case of TCP getting the original destination address is racy.)
在一些透明代理的资料,上面这段话中的加粗部分如何理解? UDP 无法知道原始的 dst address ?
Supplement 1 · Aug 9, 2021
从这里 看到REDIRECT 方式只支持TCP,而TPROXY方式可以支持TCP和UDP
有个疑问是REDIRECT不支持UDP 透明代理的原因是什么?从iptables-extension文档看REDIRECT是可以支持-p UDP啊?
 |
1
undef404 Aug 7, 2021
意思是只能看到代理的地址。看不到被代理的那个地址。
|
Select Language