Re: Delay incoming tcp connections

From: Willy Tarreau
Date: Sat, 4 Apr 2009 17:54:24 +0200


On Sat, Apr 04, 2009 at 07:46:28PM +0400, Alexey wrote:
> Hi,
> I saw a post about delaying incoming smtp connections via haproxy. Looks like I
> need a transparent proxy to preserve source ip addresses, but it requires TPROXY
> in the linux kernel.

Yes, it does.

> Do I need to patch the kernel + iptables to make it work?

Yes. Malcolm Turnbull posted a howto on the subject.

> What is the difference between squid and haproxy transparenting (squid
> requires only -j REDIRECT support in the kernel)?

> Is there any simpler way to delay incoming tcp
> connections without changing the source address?

Not that I'm aware of. This is also called "delayed binding" and at least requires equipment which is able to translate TCP sequence numbers. Doing that in a proxy is the simplest and most reliable method, but this requires a very recent Linux kernel (>= 2.6.28) or applying the TProxy patch.

Willy

Received on 2009/04/04 17:54
