On 11/29/2012 3:31 PM, Nick Fennell wrote:
Hey Steve,
OK so, for your internal (LAN) traffic, why put it through TPROXY at all? Why not exclude
it from the redirect into the TPROXY engine and allow it to proxy through
"organically"?
As well you know, if TPROXY sees the traffic in one direction, it needs to see
it in the other.
My suggestion: Bypass TPROXY for LAN traffic.
+1
simple iptables rules.
Eliezer
Nick
--
Nick Fennell
n...@tbfh.org
--
Eliezer Croitoru
https://www1.ngtech.co.il
sip:ngt...@sip2sip.info
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il