Opened 12 years ago
Last modified 6 years ago
#287 new enhancement
Add option to enable IP_TRANSPARENT
Reported by: | Stijn Tintel | Owned by: | |
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | nginx-core | Version: | |
Keywords: | Cc: | ||
uname -a: | |||
nginx -V: | nginx version: nginx/1.2.6 |
Description
For Nginx to be able to respond to packets redirected with the Linux netfilter TPROXY target, the IP_TRANSPARENT option should be enabled. It would be nice to have this in Nginx as an additional parameter to the listen directive.
I have a patch that implements this for http, and will attach it to this ticket. The patch is made against 1.2.6, but also applies on 1.3.11.
Attachments (4)
Change History (9)
by , 12 years ago
Attachment: | nginx-ip_transparent.patch added |
---|
comment:1 by , 8 years ago
comment:2 by , 8 years ago
Unlikely, nginx is not designed to be used as a transparent proxy, and not even as a forward proxy. Introducing such an option would confuse users.
comment:3 by , 8 years ago
The reason for adding this feature was never to use nginx as forward or transparent proxy, but to intercept traffic matching certain criteria and redirect them to another nginx vhost on a different port, using the iptables TPROXY target.
by , 7 years ago
Attachment: | nginx-1.12.1-ip_transparent.patch added |
---|
Updated patch that applies cleanly against nginx 1.12.1
by , 6 years ago
Attachment: | 0001-Add-IP_TRANSPARENT-support.patch added |
---|
comment:4 by , 6 years ago
Based on patch @stintel posted, I make some modification to ngx_event_accept
so that we can read the original IP Address and port the client connects to from $server_addr
and $server_port
.
comment:5 by , 6 years ago
I just spent today writing almost this same patch :(
I would also love to have this patch merged, my version is essentially (I didn't quite handle the non-linux case as well as this patch) the same but I also added the option to the stream module.
by , 6 years ago
Attachment: | nginx-1.13.6.2-listen-transparent.patch added |
---|
Any chance we'll see this patch integrated soon? We're preparing to use nginx as a transparent proxy, and having IP_TRANSPARENT support is pretty critical to us.