Re: Transparent proxies and binding to foreign addresses

From: Nerijus Baliunas (nerijus@users.sourceforge.net)
Date: Tue Jul 31 2001 - 13:13:08 EST


On 27 Jul 2001 09:16:58 +0200 Julio Sanchez Fernandez <j_sanchez@stl.es> wrote:

JSF> > I don't know if it is useful for you, but http://www.mcknight.de/jftpgw
JSF> > supports transparent proxy for Linux 2.4.x kernel.
JSF>
JSF> Only impersonating the server. What does not work is impersonating
JSF> the client and that cannot be fixed from user space.
JSF>
JSF> > BTW, do you know of any port forwarder which works with 2.4 kernel in
JSF> > transparent mode? I tried mmtcpfwd and portfwd, but both do not work.
JSF>
JSF> Anyone that used TCP and worked before should be easy to adapt by just
JSF> finding where it got the destination address with getsockname and
JSF> using the getsockopt with SOL_ORIGINAL_DST thing. Apparently, UDP is
JSF> out as well, though I don't care about that currently.
JSF>
JSF> Add to your list more forwarders like transproxy and those (plug-gw in
JSF> particular) in the TIS (NAI) FWTK with the transparency patches
JSF> described at http://www.fwtk.org
JSF>
JSF> While none of them has been adapted to 2.4, they should be easy as I
JSF> said above.
JSF>
JSF> And as long as you don't care what origin address the server sees,
JSF> that's alright. But all connections now seem to come from the proxy.
JSF> And that does not let you do things like differentiated services,
JSF> access control or audit. Even user support becomes a mess.

Do you mean that even if I adapt them as you say, the receiving end will see
the connection originating from the proxy instead of the real address?
I'm asking as these 2 port forwarders I tried work with the 2.4 kernel in non-transparent
mode, i.e. connections seem to come from the proxy; what I need is for the connection
to be seen to come from the real originating IP.

Regards,
Nerijus
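
The adaptation described in the quoted reply, as an added example that is not part of the original message or of any forwarder named in it: after accept(), ask netfilter for the pre-NAT destination with getsockopt() at level SOL_IP, option SO_ORIGINAL_DST, and fall back to getsockname() when there is no conntrack entry. It assumes IPv4 TCP and a REDIRECT rule pointing at port 8080 (a constructed value); `original_dst` is a hypothetical helper name.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef SOL_IP
#define SOL_IP IPPROTO_IP
#endif
#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80 /* same value as in <linux/netfilter_ipv4.h> */
#endif

/* Fill *dst with the address the client originally dialled.
 * Returns 1 if netfilter rewrote the destination (redirected connection),
 * 0 if dst is simply the socket's local address, -1 on error. */
int original_dst(int fd, struct sockaddr_in *dst)
{
    struct sockaddr_in local;
    socklen_t llen = sizeof(local), dlen = sizeof(*dst);

    memset(&local, 0, sizeof(local));
    if (getsockname(fd, (struct sockaddr *)&local, &llen) < 0)
        return -1;
    memset(dst, 0, sizeof(*dst));
    if (getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, dst, &dlen) < 0) {
        *dst = local; /* no conntrack entry (or no conntrack): not redirected */
        return 0;
    }
    return dst->sin_addr.s_addr != local.sin_addr.s_addr ||
           dst->sin_port != local.sin_port;
}

int main(void)
{
    /* Port 8080 is a constructed value: the assumed REDIRECT target. */
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(8080) }, d;
    int one = 1, c, r, l = socket(AF_INET, SOCK_STREAM, 0);

    setsockopt(l, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));
    if (l < 0 || bind(l, (struct sockaddr *)&a, sizeof(a)) < 0 || listen(l, 16) < 0)
        return 1;
    while ((c = accept(l, NULL, NULL)) >= 0) {
        if ((r = original_dst(c, &d)) >= 0)
            printf("%s:%u (%s)\n", inet_ntoa(d.sin_addr),
                   (unsigned)ntohs(d.sin_port), r ? "redirected" : "direct");
        close(c);
    }
    return 0;
}
```

This recovers only the destination the client dialled; the forwarder's outgoing connection to the server is still made from the proxy's own address.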

This archive was generated by hypermail 2b29 : Tue Jul 31 2001 - 21:00:53 EST