summaryrefslogtreecommitdiff
path: root/Documentation/networking/tproxy.rst
diff options
context:
space:
mode:
Diffstat (limited to 'Documentation/networking/tproxy.rst')
-rw-r--r--Documentation/networking/tproxy.rst6
1 files changed, 3 insertions, 3 deletions
diff --git a/Documentation/networking/tproxy.rst b/Documentation/networking/tproxy.rst
index 00dc3a1a66b4..75e4990cc3db 100644
--- a/Documentation/networking/tproxy.rst
+++ b/Documentation/networking/tproxy.rst
@@ -17,7 +17,7 @@ The idea is that you identify packets with destination address matching a local
socket on your box, set the packet mark to a certain value::
# iptables -t mangle -N DIVERT
- # iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
+ # iptables -t mangle -A PREROUTING -p tcp -m socket --transparent -j DIVERT
# iptables -t mangle -A DIVERT -j MARK --set-mark 1
# iptables -t mangle -A DIVERT -j ACCEPT
@@ -69,9 +69,9 @@ add rules like this to the iptables ruleset above::
# iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY \
--tproxy-mark 0x1/0x1 --on-port 50080
-Or the following rule to nft:
+Or the following rule to nft::
-# nft add rule filter divert tcp dport 80 tproxy to :50080 meta mark set 1 accept
+ # nft add rule filter divert tcp dport 80 tproxy to :50080 meta mark set 1 accept
Note that for this to work you'll have to modify the proxy to enable (SOL_IP,
IP_TRANSPARENT) for the listening socket.
generated by cgit (git 2.34.1) at 2025-07-24 08:48:49 +0000