Re: Transparent proxies and binding to foreign addresses

From: Nerijus Baliunas (
Date: Tue Jul 31 2001 - 13:13:08 EST

On 27 Jul 2001 09:16:58 +0200 Julio Sanchez Fernandez <> wrote:

JSF> > I don't know if it is useful for you, but
JSF> > supports transparent proxy for Linux 2.4.x kernel.
JSF> Only impersonating the server. What does not work is impersonating
JSF> the client and that cannot be fixed from user space.
JSF> > BTW, do you know of any port forwarder which works with 2.4 kernel in
JSF> > transparent mode? I tried mmtcpfwd and portfwd, but both do not work.
JSF> Anyone that used TCP and worked before should be easy to adapt by just
JSF> finding where it got the destination address with getsockname and
JSF> using the getsockopt with SOL_ORIGINAL_DST thing. Apparently, UDP is
JSF> out as well, though I don't care about that currently.
JSF> Add to your list more forwarders like transproxy and those (plug-gw in
JSF> particular) in the TIS (NAI) FWTK with the transparency patches
JSF> described at
JSF> While none of them has been adapted to 2.4, they should be easy as I
JSF> said above.
JSF> And as long as you don't care what origin address the server sees,
JSF> that's alright. But all connections now seem to come from the proxy.
JSF> And that does not let you do things like differentiated services,
JSF> access control or audit. Even user support becomes a mess.

Do you mean that even if I adapt them as you say, the receiving end will see
the connection originating from the proxy instead of the real address?
I'm asking as these 2 port forwarders I tried work with 2.4 kernel in non-transparent
mode, i.e. connections seem to come from the proxy; what I need is for the connection
to be seen to come from the real originating IP.
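
The adaptation discussed in the quoted text, as an added example that is not part of the original thread or of any forwarder named in it: look up the pre-REDIRECT destination with the netfilter socket option (spelled SO_ORIGINAL_DST at level SOL_IP in the 2.4 kernel headers), fall back to getsockname, and log the real client address at the proxy, since the server only sees the proxy. The helper names `proxy_dst` and `audit_line` and the sample addresses are assumptions made for illustration.

```c
/* Added example; proxy_dst() and audit_line() are hypothetical helpers. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#ifndef SOL_IP
#define SOL_IP IPPROTO_IP
#endif
#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80 /* value from <linux/netfilter_ipv4.h> */
#endif

/* Where did the client really want to go? Returns 1 if the address came
 * from the netfilter NAT table, 0 if we fell back to getsockname() (no NAT
 * entry for this connection), -1 if neither call succeeded. */
int proxy_dst(int fd, struct sockaddr_in *dst)
{
    socklen_t len = sizeof(*dst);
    memset(dst, 0, sizeof(*dst));
    if (getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, dst, &len) == 0)
        return 1;
    len = sizeof(*dst);
    if (getsockname(fd, (struct sockaddr *)dst, &len) == 0)
        return 0;
    return -1;
}

/* Audit record kept at the proxy: the upstream server only sees the proxy's
 * address, so this is where client and intended destination get tied together. */
int audit_line(char *buf, size_t n, const struct sockaddr_in *client,
               const struct sockaddr_in *dst)
{
    char c[INET_ADDRSTRLEN], d[INET_ADDRSTRLEN];
    if (!inet_ntop(AF_INET, &client->sin_addr, c, sizeof(c)) ||
        !inet_ntop(AF_INET, &dst->sin_addr, d, sizeof(d)))
        return -1;
    return snprintf(buf, n, "client=%s:%u orig_dst=%s:%u", c,
                    (unsigned)ntohs(client->sin_port), d,
                    (unsigned)ntohs(dst->sin_port));
}

int main(void)
{
    struct sockaddr_in c = {0}, d = {0}; /* constructed sample addresses */
    char buf[96];
    c.sin_family = d.sin_family = AF_INET;
    c.sin_port = htons(40000); d.sin_port = htons(80);
    inet_pton(AF_INET, "192.0.2.10", &c.sin_addr);
    inet_pton(AF_INET, "198.51.100.5", &d.sin_addr);
    if (audit_line(buf, sizeof(buf), &c, &d) > 0) puts(buf);
    return 0;
}
```

In a forwarder, `client` would be the peer address returned by accept() and `dst` the result of `proxy_dst()` on the accepted socket.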



This archive was generated by hypermail 2b29 : Tue Jul 31 2001 - 21:00:53 EST